R2511-HP MSR Router Series ACL and QoS Configuration Guide(V5)
11
Ste
p
Command Remarks
4. Create or edit a rule.
rule [ rule-id ] { deny | permit } [ { l2
rule-string rule-mask offset }&<1-8> ]
[ counting | time-range
time-range-name ] *
By default, a user-defined ACL does not
include any rule.
5. Add or edit a rule
comment.
rule rule-id comment text
Optional.
By default, no rule comments are
configured.
6. Add or edit a rule
range remark.
rule [ rule-id ] remark text
Optional.
By default, no rule range remarks are
configured.
Configuring a simple ACL
Simple ACLs can filter packets based on criteria available with IPv6 advanced ACLs, including source
and destination IPv6 addresses, protocols over IPv6, packet priorities, and other protocol header
information such as TCP/UDP source and destination port numbers, ICMPv6 message types, and
ICMPv6 message codes.
Simple ACLs can also use source-destination IPv6 address combination, more TCP flags, and
fragmentation flags to provide more granular traffic matching than IPv6 advanced ACLs.
To configure a simple ACL:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a simple ACL
and enter its view.
acl ipv6 number acl6-number
By default, no ACL exists.
Simple ACLs are numbered in the
range of 10000 to 42767.
3. Configure a
description for the
simple ACL.
description text
Optional.
By default, a simple ACL has no
ACL description.
4. Create or edit a rule.
rule protocol [ addr-flag addr-flag |
destination { dest-address dest-prefix |
dest-address/dest-prefix | any } |
destination-port operator port1 [ port2 ] |
dscp dscp | frag-type { fragment |
fragment-subseq | non-fragment |
non-subseq } | icmp6-type { icmp6-type
icmp6-code | icmp6-message } | source
{ source-address source-prefix |
source-address/source-prefix | any } |
source-port operator port1 [ port2 ] |
tcp-type { tcpurg | tcpack | tcppsh | tcprst |
tcpsyn | tcpfin } ] *
By default, a simple ACL does not
include any rule.
Only one rule can be defined in a
simple ACL.