R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101
4
Default level
2: System level
Parameters
number acl6-number: Specifies the number of an IPv6 ACL:
• 2000 to 2999 for IPv6 basic ACLs
• 3000 to 3999 for IPv6 advanced ACLs
name acl6-name: Assigns a name to the IPv6 ACL for easy identification. The acl6-name argument takes
a case-insensitive string of 1 to 63 characters. It must start with an English letter, and to avoid confusion,
cannot be all.
match-order: Sets the order in which ACL rules are compared against packets:
• auto—Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For
more information, see Access Control Configuration Guide.
• config—Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher
priority. If no match order is specified, the config order applies by default.
all: Delete all IPv6 ACLs.
Description
Use acl ipv6 to create an IPv6 ACL and enter its ACL view. If the ACL has been created, you enter its view
directly.
Use undo acl ipv6 to delete the specified IPv6 ACL or all IPv6 ACLs.
By default, no ACL exists.
You can assign a name to an IPv6 ACL only when you create it. After an IPv6 ACL is created, you cannot
rename it or remove its name.
You can change match order only for ACLs that do not contain any rules.
To display any ACLs you have created, use the display acl ipv6 command.
Examples
# Create IPv6 ACL 2000 and enter its view.
<Sysname> system-view
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000]
# Create IPv6 basic ACL 2001 with the name flow, and enter its view.
<Sysname> system-view
[Sysname] acl ipv6 number 2001 name flow
[Sysname-acl6-basic-2001-flow]
acl ipv6 copy
Syntax
acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name
dest-acl6-name }
View
System view