Ipv6 Acl Step; Effective Period Of An Ipv6 Acl - 3Com 4500G Family Configuration Manual

Depth-first match for a basic IPv6 ACL
The following shows how your device performs depth-first match in a basic IPv6 ACL:
1) Sort rules by source IPv6 address prefix first and compare packets against the rule configured with
a longer prefix for the source IPv6 address.
2) In case of a tie, compare packets against the rule configured first.
Depth-first match for an advanced IPv6 ACL
The following shows how your device performs depth-first match in an advanced IPv6 ACL:
1) Look at the protocol type field in the rules first. A rule with no limit to the protocol type (that is,
configured with the ipv6 keyword) has the lowest precedence. Rules each of which has a single
specified protocol type are of the same precedence level. Compare packets against the rule with
the highest precedence.
2) In case of a tie, look at the source IPv6 address prefixes. Then, compare packets against the rule
configured with a longer prefix for the source IPv6 address.
3) If the prefix lengths for the source IPv6 addresses are the same, look at the destination IPv6
address prefixes. Then, compare packets against the rule configured with a longer prefix for the
destination IPv6 address.
4) If the prefix lengths for the destination IPv6 addresses are the same, look at the Layer 4 port
number ranges, namely the TCP/UDP port number ranges. Then compare packets against the rule
configured with the smaller port number range.
5) If the port number ranges are the same, compare packets against the rule configured first.
The comparison of a packet against an ACL stops immediately after a match is found. The packet is
then processed as per the rule.

IPv6 ACL Step

Refer to IPv4 ACL

Effective Period of an IPv6 ACL

Refer to Effective Period of an IPv4
Step.
ACL.
1-6