Ipv6 Acl Classification; Ipv6 Acl Match Order - H3C S9500 Operation Manual
Routing switches
Hide thumbs
Also See for H3C S9500:
- Command manual (1842 pages) ,
- Operation manual (1504 pages) ,
- Operating manual (76 pages)
Table of Contents
Advertisement
Operation Manual – ACL
H3C S9500 Series Routing Switches
Effective Period of an IPv4 ACL
1.2.1 IPv6 ACL Classification
IPv6 ACLs, identified by ACL numbers, fall into the following three categories:
Basic IPv6 ACL, based on source IPv6 address. Basic IPv6 ACLs are numbered
2000 through 2999.
Advanced IPv6 ACL, based on source IPv6 address, destination IPv6 address,
protocol carried on IPv6, and other Layer 3 or Layer 4 protocol header fields.
Advanced ACLs are numbered 3000 through 3999.
1.2.2 IPv6 ACL Match Order
Similar to IPv4 ACLs, each IPv6 ACL is a sequential collection of rules defined with
different matching criteria, and the rules may be repeated or contradictory. The ACL
match order determines how a packet is matched against the rules.
Like in IPv4 ACLs, the following two match orders are available in IPv6 ACLs:
config: where rules are compared against in the order in which they are
configured.
auto: where depth-first match is performed.
I. Depth-first match for a basic IPv6 ACL
The following shows how your device performs depth-first match in a basic IPv6 ACL:
1)
Sort rules by source IPv6 address wildcard first and compare packets against the
rule configured with a longer prefix in the source IPv6 address wildcard prior to
other rules.
2)
If two rules are present with the same prefix length in their source IPv6 address
wildcards, compare packets against the rule configured first prior to the other.
II. Depth-first match for an advanced IPv6 ACL
The following shows how your device performs depth-first match in an advanced IPv6
ACL:
1)
Sort rules by protocol range first, and compare packets against the rule with the
protocol carried on IPv6 specified prior to other rules.
2)
If two rules are present with the same protocol range, look at the source IPv6
address wildcards in addition. Then, compare packets against the rule configured
with a larger prefix length in the source IPv6 address wildcard prior to the other.
3)
If the prefix lengths in the source IPv6 address wildcards are the same, look at the
destination IPv6 address wildcards. Then, compare packets against the rule
configured with a larger prefix length in the destination IPv6 address wildcard prior
to the other.
1-5
Chapter 1 ACL Overview
Advertisement
Chapters
Table of Contents
