H3C S7500E Series Configuration Manual page 18

You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command but only when it does not contain any rules.
Configuring an IPv6 basic ACL
Follow these steps to configure an IPv6 basic ACL:
To do...
Enter system view
Create an IPv6 basic ACL view
and enter its view
Configure a description for the
IPv6 basic ACL
Set the rule numbering step
Create or edit a rule
Use the command...
system-view
acl ipv6 number acl6-number
[ name acl6-name ] [ match-order
{ auto | config } ]
description text
step step-value
rule [ rule-id ] { deny | permit }
[ fragment | logging | source
{ ipv6-address prefix-length |
ipv6-address/prefix-length | any } |
time-range time-range-name ]*
1-8
Remarks
––
Required
By default, no ACL exists.
IPv6 basic ACLs are numbered in
the range 2000 to 2999.
You can use the acl ipv6 name
acl6-name command to enter the
view of an existing named IPv6
ACL.
Optional
By default, an IPv6 basic ACL has
no ACL description.
Optional
5 by default
Required
By default, an IPv6 basic ACL
does not contain any rule.
To create or edit multiple rules,
repeat this step.
Note that the logging and
fragment keywords are not
supported if the ACL is to be
referenced by a QoS policy for
traffic classification.