R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101
source port number, TCP/UDP destination port number, ICMPv6 message type, and ICMPv6 message
code.
Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv6 advanced ACL:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create an IPv6 advanced ACL and enter its view.
    Command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
    Remarks: By default, no ACL exists. IPv6 advanced ACLs are numbered in the range 3000 to 3999. You can use the acl ipv6 name acl6-name command to enter the view of a named IPv6 ACL.

Step 3. Configure a description for the IPv6 advanced ACL.
    Command: description text
    Remarks: Optional. By default, an IPv6 advanced ACL has no ACL description.

Step 4. Set the rule numbering step.
    Command: step step-value
    Remarks: Optional. 5 by default.

Step 5. Create or edit a rule.
    Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] *
    Remarks: By default, an IPv6 advanced ACL does not contain any rule. To create or edit multiple rules, repeat this step. The logging keyword takes effect only when the module (for example, a firewall) using the ACL supports logging.

Step 6. Configure or edit a rule description.
    Command: rule rule-id comment text
    Remarks: Optional. By default, an IPv6 advanced ACL rule has no rule description.
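A worked instance of steps 1 through 6, added here as an illustration and not taken from the HP guide: an inbound filter that permits HTTPS and established TCP to a server prefix, permits the ICMPv6 messages IPv6 needs to function, and denies and logs the rest. The ACL number, the name ServerInbound, the documentation prefix 2001:db8:10::/64 and the rule set are constructed; the protocol keywords tcp, icmpv6 and ipv6 and the eq operator are assumed from Comware syntax, since this section does not list them.

```text
system-view
acl ipv6 number 3000 name ServerInbound match-order config
description Constructed example: inbound filter for servers in 2001:db8:10::/64
step 5
rule 0 permit tcp destination 2001:db8:10::/64 destination-port eq 443
rule 0 comment HTTPS to the server prefix
rule 5 permit tcp established destination 2001:db8:10::/64
rule 5 comment Return traffic for existing TCP sessions
rule 10 permit icmpv6 icmp6-type 2 0
rule 10 comment Packet Too Big, required for path MTU discovery
rule 15 permit icmpv6 icmp6-type 135 0
rule 15 comment Neighbor Solicitation
rule 20 permit icmpv6 icmp6-type 136 0
rule 20 comment Neighbor Advertisement
rule 25 deny ipv6 logging
rule 25 comment Deny and log everything not permitted above
```

With match-order config, rules are evaluated in ascending rule ID order, so the logged deny in rule 25 sees only traffic that none of the permit rules matched.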
Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
To configure an Ethernet frame header ACL:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A