H3C S3610-28P Operation Manual page 1050

Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
To do...
Create or modify a
rule
Set a rule numbering
step
Create an IPv6 ACL
description
Create a rule
description
Note that:
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather than
config, you cannot modify ACL rules.
When defining ACL rules, you need not assign them IDs. The system can
automatically assign rule IDs starting with 0 and increasing in certain rule
numbering steps. A rule ID thus assigned is greater than the current highest rule
ID. For example, if the rule numbering step is five and the current highest rule ID is
28, the next rule will be numbered 30. For detailed information about step, refer to
the step command.
You may use the display acl command to verify rules configured in an ACL. If the
match order for this ACL is auto, rules are displayed in the depth-first match order
rather than by rule number.
Caution:
You can modify the match order of an IPv6 ACL with the acl ipv6 number
acl6-number [ name acl6-name ] match-order { auto | config } command but only
when it does not contain any rules.
The rule specified in the rule comment command must have existed.
Use the command...
rule [ rule-id ] { deny |
permit } [ fragment |
logging | source
{ ipv6-address prefix-length
| ipv6-address/prefix-length
| any } | time-range
time-name ] *
step step-value
description text
rule rule-id comment text
3-2
Chapter 3 IPv6 ACL Configuration
Remarks
Required
To create multiple rules,
repeat this step.
Optional
The default step is 5.
Optional
By default, no IPv6 ACL
description is present.
Optional
By default, no rule description
is present.