R2511-HP MSR Router Series ACL and QoS Command Reference(V5)
26
Examples
# Create an IPv6 basic ACL rule to deny the packets from any source IP segment but 1001::/16,
312 4 :1123::/32, or FE80:5060:1001::/48.
<Sysname> system-view
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule permit source 1001:: 16
[Sysname-acl6-basic-2000] rule permit source 3124:1123:: 32
[Sysname-acl6-basic-2000] rule permit source fe80:5060:1001:: 48
[Sysname-acl6-basic-2000] rule deny source any
Related commands
• acl ipv6
• display ipv6 acl
• step
• time-range
rule (simple ACL view)
Use rule to create or edit a simple ACL rule.
Use undo rule to delete an entire simple ACL rule or some attributes in the rule. If no optional keywords
are provided, this command deletes the entire rule. If optional keywords or arguments are provided, this
command deletes the specified attributes.
Syntax
rule protocol [ addr-flag addr-flag | destination { dest-address dest-prefix | dest-address/dest-prefix |
any } | destination-port operator port1 [ port2 ] | dscp dscp | frag-type { fragment | fragment-subseq
| non-fragment | non-subseq } | icmp6-type { icmp6-type icmp6-code | icmp6-message } | source
{ source-address source-prefix | source-address/source-prefix | any } | source-port operator port1
[ port2 ] | tcp-type { tcpurg | tcpack | tcppsh | tcprst | tcpsyn | tcpfin } ] *
undo rule [ addr-flag | destination | destination-port | dscp | frag-type | icmp6-type | source |
source-port | tcp-type ] *
Default
A simple ACL does not contain any rule.
Views
Simple ACL view
Default command level
2: System level
Parameters
protocol: Matches protocol carried over IPv6. It can be a number in the range of 0 to 255, or in words,
gre (47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6), udp (17) . If you specif y a
number, add keyword protocol before the number. Table 12 d
escribes the parameters that you can
specify regardless of the value that the protocol argument takes.