Configuring An Advanced Ipv6 Acl - HP 4800G Series Configuration Manual

Hide thumbs

Table of Contents

Configure a description

for the basic IPv6 ACL

Configure a rule

You can only modify the existing rules of an ACL that uses the match order of config. When

modifying a rule of such an ACL, you may choose to change just some of the settings, in which

case the other settings remain the same.

You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an

existing rule in the ACL.

When the ACL match order is auto, a newly created rule will be inserted among the existing rules in

the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name

acl6-name ] match-order { auto | config } command, but only when the ACL does not contain any

The rule specified in the rule comment command must already exist.

Configuration Example

# Configure IPv6 ACL 2000 to permit IPv6 packets with the source address of 2030:5060::9050/64 and

deny IPv6 packets with the source address of fe80:5060::8050/96.

<Sysname> system-view

[Sysname] acl ipv6 number 2000

[Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64

[Sysname-acl6-basic-2000] rule deny source fe80:5060::8050/96

# Verify the configuration.

[Sysname-acl6-basic-2000] display acl ipv6 2000

Basic IPv6 ACL

ACL's step is 5

rule 0 permit source 2030:5060::9050/64 (4 times matched)

rule 5 deny source FE80:5060::8050/96 (5 times matched)