Table of Contents
Advertisement
err-Header-field
frag-time-exceeded
hop-limit-exceeded
host-admin-prohib
host-unreachable
neighbor-advertisement
neighbor-solicitation
network-unreachable
packet-too-big
port-unreachable
redirect
router-advertisement
router-solicitation
unknown-ipv6-opt
unknown-next-hdr
Usage guidelines
If an IPv6 advanced ACL is for QoS traffic classification or packet filtering:
•
Do not specify the
•
Do not specify
•
Do not specify the
the ACL is for outbound application.
•
Do not specify
the ACL is for outbound application.
Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, the rule will not be
created or changed.
You can edit ACL rules only when the match order is
To view the existing IPv6 basic and advanced ACL rules, use the
command.
The
undo rule rule-id
specify optional parameters, the
a rule.
The
undo rule { deny | permit }
specify all the attributes of the rule for the command.
Examples
# Create an IPv6 advanced ACL rule to permit TCP packets with the destination port 80 from
2030:5060::/64 to FE80:5060::/96.
<Sysname> system-view
[Sysname] acl ipv6 advanced 3000
[Sysname-acl-ipv6-adv-3000] rule permit tcp source 2030:5060::/64 destination
fe80:5060::/96 destination-port eq 80
4
3
3
1
1
136
135
1
2
1
137
134
133
4
4
keyword.
fragment
for the
neq
operator
vpn-instance
for the
ipv6-ah
protocol
command without any optional parameters deletes an entire rule. If you
undo rule rule-id
command can only be used to delete an entire rule. You must
argument.
,
,
routing
hop-by-hop
argument, or set its value to 0, 43, 44, 51, or 60 if
.
config
command deletes the specified attributes for
17
0
1
0
1
3
0
0
0
0
4
0
0
0
2
1
, or
keyword if
flow-label
display acl ipv6 all
Advertisement
Chapters
Table of Contents
