H3C WA2200 Series Configuration Manual page 19

To do...
Set the rule numbering
step
Create or edit a rule
Configure or edit a rule
description
Configuring an IPv6 Advanced ACL
IPv6 advanced ACLs match packets based on the source IPv6 address, destination IPv6 address,
protocol carried over IPv6, and other protocol header fields such as the TCP/UDP source port number,
TCP/UDP destination port number, ICMP message type, and ICMP message code.
Compared with IPv6 basic ACLs, they allow of more flexible and accurate filtering.
Follow these steps to configure an IPv6 advanced ACL:
To do...
Enter system view
Create an IPv6
advanced ACL and
enter its view
Configure a
description for the
IPv6 advanced ACL
Set the rule
numbering step
Use the command...
step step-value
rule [ rule-id ] { deny | permit }
protocol [ { { ack ack-value | fin
fin-value | psh psh-value | rst
rst-value | syn syn-value | urg
urg-value } * | established } |
destination { dest-addr
dest-wildcard | any } |
destination-port operator port1
[ port2 ] | dscp dscp | fragment |
icmp-type { icmp-type icmp-code |
icmp-message } | logging |
precedence precedence |
reflective | source { sour-addr
sour-wildcard | any } | source-port
operator port1 [ port2 ] |
time-range time-range-name | tos
tos ] *
rule rule-id comment text
Use the command...
system-view
acl ipv6 number acl6-number [ name
acl6-name ] [ match-order { auto |
config } ]
description text
step step-value
Optional
5 by default.
Required
By default, an IPv4 advanced ACL does
not contain any rule.
To create or edit multiple rules, repeat this
step.
The logging keyword takes effect only
when the module using the ACL supports
logging.
Optional
By default, an IPv4 advanced ACL rule has
no rule description.
––
Required
By default, no ACL exists.
IPv6 advanced ACLs are numbered in
the range 3000 to 3999.
You can use the acl ipv6 name
acl6-name command to enter the view
of an existing named IPv6 ACL.
Optional
By default, an IPv6 advanced ACL has
no ACL description.
Optional
5 by default.
4-8
Remarks
Remarks