3Com 4500G Family Configuration Manual page 762

To do...
Set the rule numbering
step
Configure a description
for the basic IPv6 ACL
Configure a rule
description
Note that:
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules in
the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name
acl6-name ] match-order { auto | config } command, but only when the ACL does not contain any
rules.
The rule specified in the rule comment command must already exist.
Configuration Example
# Configure IPv6 ACL 2000 to permit IPv6 packets with the source address of 2030:5060::9050/64 and
deny IPv6 packets with the source address of fe80:5060::8050/96.
<Sysname> system-view
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64
[Sysname-acl6-basic-2000] rule deny source fe80:5060::8050/96
# Verify the configuration.
[Sysname-acl6-basic-2000] display acl ipv6 2000
Basic IPv6 ACL
ACL's step is 5
rule 0 permit source 2030:5060::9050/64 (4 times matched)
rule 5 deny source FE80:5060::8050/96 (5 times matched)
Use the command...
step step-value
description text
rule rule-id comment text
2000, named -none-, 2 rules,
Optional
5 by default
Optional
By default, a basic IPv6 ACL has no ACL
description.
Optional
By default, an IPv6 ACL rule has no rule
description.
3-2
Remarks