Ipv6 Acl Configuration - H3C S3100 Series Operation Manual
H3c s3100 series ethernet switches operation manual
Hide thumbs
Also See for S3100 Series:
- Command manual (1244 pages) ,
- Installation manual (94 pages) ,
- Operation manual (32 pages)
Table of Contents
Advertisement
A bigger step means more numbering flexibility. This is helpful when the config rule order is adopted,
with which ACL rules are sorted in ascending order of rule ID.
If no ID is specified for a rule when the rule is created, the system automatically assigns it the smallest
multiple of the step that is bigger than the current biggest rule ID, starting with 0. For example, given the
step of 5, if the present biggest rule ID is 28, the newly defined rule will be numbered 30. If the ACL does
not contain any rule, the first defined rule will be numbered 0.
Effective Time Period of an IPv6 ACL
You can control when a rule can take effect by referencing a time range in the rule.
A referenced time range can be one that has not been created yet. The rule, however, can take effect
only after the time range is defined and becomes active.
IPv6 ACL Configuration
Configuring a Basic IPv6 ACL
Basic IPv6 ACLs match packets based on only source IPv6 address. They are numbered in the range
2000 to 2999.
Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command first.
Configuration Procedure
Follow these steps to configure an IPv6 ACL:
To do...
Enter system view
Create a basic IPv6 ACL view and
enter its view
Create or modify a rule
Set the rule numbering step
Configure a description for the
basic IPv6 ACL
Configure a rule description
Note that:
Use the command...
system-view
acl ipv6 number acl6-number
[ name acl6-name ] [ match-order
{ auto | config } ]
rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |
source { ipv6-address
prefix-length |
ipv6-address/prefix-length | any } |
time-range time-range-name ] *
step step-value
description text
rule rule-id comment text
5-7
Remarks
––
Required
The default rule order is config.
If you specify a name for an IPv6
ACL when creating the ACL, you
can use the acl ipv6 name
acl6-name command to enter the
view of the ACL later.
Required
To create or modify multiple rules,
repeat this step.
Optional
5 by default
Optional
By default, a basic IPv6 ACL has
no ACL description.
Optional
By default, an IPv6 ACL rule has
no rule description.
Advertisement
Chapters
Table of Contents
Troubleshooting
