R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101
23
ICMPv6 messa
g
e
name ICMPv6 messa
g
e
t
yp
e
ICMPv6 messa
g
e code
frag-time-exceeded 3 1
hop-limit-exceeded 3 0
host-admin-prohib 1 1
host-unreachable 1 3
neighbor-advertisement 136 0
neighbor-solicitation 135 0
network-unreachable 1 0
packet-too-big 2 0
port-unreachable 1 4
redirect 137 0
router-advertisement 134 0
router-solicitation 133 0
unknown-ipv6-opt 4 2
unknown-next-hdr 4 1
Description
Use rule to create or edit an IPv6 advanced ACL rule. You can edit ACL rules only when the match order
is config.
Use undo rule to delete an entire IPv6 advanced ACL rule or some attributes in the rule. If no optional
keywords are provided, you delete the entire rule. If optional keywords or arguments are provided, you
delete the specific attributes.
By default, an IPv6 advanced ACL does not contain any rule.
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, your creation or editing
attempt will fail.
To view rules in an ACL and their rule IDs, use the display acl ipv6 all command.
Related commands: acl ipv6, display ipv6 acl, step, and time-range.
Examples
# Create an IPv6 ACL rule to permit TCP packets with the destination port 80 from 2030:5060::/64 to
FE80:5060::/96, and enable logging matching packets.
<Sysname> system-view
[Sysname] acl ipv6 number 3000
[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::/64 destination fe80:5060::/96
destination-port eq 80 logging
# Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for
FE80:5060:1001::/48.
<Sysname> system-view
[Sysname] acl ipv6 number 3001
[Sysname-acl6-adv-3001] rule permit ipv6
[Sysname-acl6-adv-3001] rule deny icmpv6 destination fe80:5060:1001:: 48