Rule (In Advanced Ipv6 Acl View) - H3C MSR 20-20 Command Reference Manual
Msr 20/30/50 series routers
Hide thumbs
Also See for MSR 20-20:
- Installation manual (73 pages) ,
- User manual (60 pages) ,
- Supplementary manual (6 pages)
Table of Contents
Advertisement
2109
Use the
command to remove an IPv6 ACL rule or parameters from the
undo rule
rule.
With the undo rule command, if no parameters are specified, the entire ACL rule
is removed; if other parameters are specified, only the involved information is
removed.
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather than
config, you cannot modify ACL rules.
When defining ACL rules, you need not assign them IDs. The system can
automatically assign rule IDs starting with 0 and increasing in certain rule
numbering steps. A rule ID thus assigned is greater than the current highest rule
ID. For example, if the rule numbering step is five and the current highest rule ID is
28, the next rule will be numbered 30. For detailed information about step, refer
to "step (for IPv4)" on page 2100 and "step (for IPv6)" on page 2116.
You may use the display acl ipv6 command to verify rules configured in an ACL.
If the match order for this IPv6 ACL is auto, rules are displayed in the depth-first
match order rather than by rule number.
Example
# Create rules in IPv6 ACL 2000.
<Sysname> system-view
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64
[Sysname-acl6-basic-2000] rule 8 deny source fe80:5060::8050/96
rule (in advanced IPv6 ACL view)
Syntax
rule [ rule-id ] { deny | permit } protocol [ destination { dest dest-prefix |
dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp |
fragment | icmpv6-type { icmpv6-type icmpv6-code | icmpv6-message } | logging |
source { source source-prefix | source/source-prefix | any } | source-port operator
port1 [ port2 ] | time-range time-name ] *
undo rule rule-id [ destination | destination-port | dscp | fragment | icmpv6-type |
logging | source | source-port | time-range ] *
View
Advanced IPv6 ACL view
Parameter
rule-id: IPv6 ACL rule number in the range 0 to 65534.
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.
protocol: Protocol carried on IPv6. It can be a number in the range 0 to 255, or in
words, gre (47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp
(6), udp (17).
Advertisement
Chapters
Table of Contents
