Configuring An Advanced Ipv6 Acl - H3C S5500-EI series Operation Manual

Operation Manual – ACL
H3C S5500-EI Series Ethernet Switches
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64
[Sysname-acl6-basic-2000] rule deny source fe80:5060::8050/96
# Verify the configuration.
[Sysname-acl6-basic-2000] display acl ipv6 2000
Basic IPv6 ACL
ACL's step is 5
rule 0 permit source 2030:5060::9050/64
rule 5 deny source FE80:5060::8050/96

3.3 Configuring an Advanced IPv6 ACL

Advanced ACLs filter packets based on the source IPv6 address, destination IPv6
address, protocol carried on IPv6, and other protocol header fields such as the
TCP/UDP source port, TCP/UDP destination port, ICMP message type, and ICMP
message code.
Advanced IPv6 ACLs are numbered in the range 3000 to 3999. Compared with basic
IPv6 ACLs, they allow of more flexible and accurate filtering.
3.3.1 Configuration Prerequisites
If you want to reference a time range to a rule, define it with the time-range command
first.
3.3.2 Configuration Procedure
Follow these steps to configure an advanced IPv6 ACL:
Enter system view
Create and enter
advanced IPv6 ACL view
2000, named -none-, 2 rules,
To do...
system-view
acl ipv6 number
acl6-number [ name
acl6-name ]
[ match-order { auto |
config } ]
Use the command...
3-3
Chapter 3 IPv6 ACL Configuration
Remarks
––
Required
The default match order is
config.
If you specify a name for
an IPv6 ACL when
creating the ACL, you can
use the acl ipv6 name
acl6-name command to
enter the view of the ACL
later.