Rule (Ipv6 Basic Acl View) - HPE FlexNetwork HSR6800 series Command Reference Manual

Comware 7 acl and qos

Hide thumbs Also See for FlexNetwork HSR6800 series:

Security command reference (538 pages)

Configuration manual (503 pages)

Command reference manual (35 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

page of 153

/ 153
Contents
Table of Contents
Bookmarks

Table of Contents

Examples

# Create an IPv6 advanced ACL rule to permit TCP packets with the destination port 80 from

2030:5060::/64 to FE80:5060::/96.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3000

[Sysname-acl-ipv6-adv-3000] rule permit tcp source 2030:5060::/64 destination

fe80:5060::/96 destination-port eq 80

# Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for

FE80:5060:1001::/48.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3001

[Sysname-acl-ipv6-adv-3001] rule deny icmpv6 destination fe80:5060:1001:: 48

[Sysname-acl-ipv6-adv-3001] rule permit ipv6

# Create IPv6 advanced ACL rules to permit inbound and outbound FTP packets.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3002

[Sysname-acl-ipv6-adv-3002] rule permit tcp source-port eq ftp

[Sysname-acl-ipv6-adv-3002] rule permit tcp source-port eq ftp-data

[Sysname-acl-ipv6-adv-3002] rule permit tcp destination-port eq ftp

[Sysname-acl-ipv6-adv-3002] rule permit tcp destination-port eq ftp-data

# Create IPv6 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3003

[Sysname-acl-ipv6-adv-3003] rule permit udp source-port eq snmp

[Sysname-acl-ipv6-adv-3003] rule permit udp source-port eq snmptrap

[Sysname-acl-ipv6-adv-3003] rule permit udp destination-port eq snmp

[Sysname-acl-ipv6-adv-3003] rule permit udp destination-port eq snmptrap

# Create IPv6 advanced ACL 3004, and configure two rules: one permits packets with the

Hop-by-Hop Options header type as 5, and the other one denies packets with other Hop-by-Hop

Options header types.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3004

[Sysname-acl-ipv6-adv-3004] rule permit ipv6 hop-by-hop type 5

[Sysname-acl-ipv6-adv-3004] rule deny ipv6 hop-by-hop

Related commands

acl

acl logging interval

display acl

step

time-range