H3C S7500E Series Command Manual page 1113

Command Manual – ACL
H3C S7500E Series Ethernet Switches
With the undo rule command, if no parameters are specified, the entire ACL rule is
removed; if other parameters are specified, only the involved information is removed.
Note that:
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather than
config, you cannot modify ACL rules.
When defining ACL rules, you need not assign them IDs. The system can
automatically assign rule IDs, starting with 0 and increasing in certain rule
numbering steps. A rule ID thus assigned is greater than the current highest rule
ID. For example, if the rule numbering step is 5 and the current highest rule ID is
28, the next rule will be numbered 30.
You may use the display acl ipv6 command to verify rules configured in an IPv6
ACL. If the match order for this IPv6 ACL is auto, rules are displayed in the
depth-first match order rather than by rule number.
Note:
For an advanced IPv6 ACL to be referenced by a QoS policy for traffic classification:
The logging and fragment keywords are not supported.
The operator cannot be neq if the ACL is for the inbound traffic.
The operator cannot be gt, lt, neq, or range if the ACL is for the outbound traffic.
Examples
# Create a rule in IPv6 ACL 3000 to permit the TCP packets with the source address
2030:5060::9050/64 to pass.
<Sysname> system-view
[Sysname] acl ipv6 number 3000
[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64
1.3.9 rule comment (for IPv6)
Syntax
rule rule-id comment text
undo rule rule-id comment
View
Basic IPv6 ACL view, advanced IPv6 ACL view
Chapter 1 ACL Configuration Commands
1-33