Configuring An Advanced Ipv6 Acl - H3C S5810 Series Operation Manual

To do...
Create or modify a rule
Set the rule numbering step
Configure a description for the
basic IPv6 ACL
Configure a rule description
Note that:
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name
acl6-name ] match-order { auto | config } command, but only when the ACL does not contain any
rules.
The rule specified in the rule comment command must already exist.

Configuring an Advanced IPv6 ACL

Advanced IPv6 ACLs match packets based on the source IPv6 address, destination IPv6 address,
protocol carried over IPv6, and other protocol header fields such as the TCP/UDP source port number,
TCP/UDP destination port number, ICMP message type, and ICMP message code.
Advanced IPv6 ACLs are numbered in the range 3000 to 3999. Compared with basic IPv6 ACLs, they
allow of more flexible and accurate filtering.
Use the command...
rule [ rule-id ] { deny | permit }
[ fragment | logging | source
{ ipv6-address prefix-length |
ipv6-address/prefix-length |
any } | time-range
time-range-name ] *
step step-value
description text
rule rule-id comment text
3-2
Remarks
Required
To create or modify multiple
rules, repeat this step.
Note that the logging
keywords are not supported if
the ACL is to be referenced by
a QoS policy for traffic
classification.
Optional
5 by default
Optional
By default, a basic IPv6 ACL
has no ACL description.
Optional
By default, an IPv6 ACL rule
has no rule description.