R3303-HP HSR6800 Routers ACL and QoS Command Reference
24
Syntax
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value
| syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-prefix |
dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label
flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging |
routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix |
any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn
-instance
vpn-instance-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination |
destination-port | dscp | flow-label | fragment | icmp6-type | logging | routing | source |
source-port | time-range | vpn-instance ] *
Default
An IPv6 advanced ACL does not contain any rule.
Views
IPv6 advanced ACL view
Default command level
2: System level
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL
rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the
numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is
5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
protocol: Specifies a protocol number in the range of 0 to 255, or specifies a protocol by its name, gre
(47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6), or udp (17) . The ipv6 keyword
specifies all protocols. Table 10 de
scribes the parameters that you can specify regardless of the value
that the protocol argument takes.
Table 10 Match criteria and other rule information for IPv6 advanced ACL rules
Parameters Function Descri
p
tion
source
{ source-address
source-prefix |
source-address/so
urce-prefix | any }
Specifies a source IPv6
address.
The source-address and source-prefix arguments represent
an IPv6 source address, and prefix length in the range of 1
to 128.
The any keyword represents any IPv6 source address.
destination
{ dest-address
dest-prefix |
dest-address/dest-
prefix | any }
Specifies a destination IPv6
address.
The dest-address and dest-prefix arguments represent a
destination IPv6 address, and prefix length in the range of
1 to 128.
The any keyword specifies any IPv6 destination address.
counting
Counts the number of times
the ACL rule has been
matched. This option is
disabled by default.
N/A