4000 Router Series ACL and QoS Command Reference

If no optional keywords are provided in the undo rule command, you delete the entire rule. If optional

keywords or arguments are provided, you delete the specified attributes.

To view rules in an ACL and their rule IDs, use the display acl ipv6 all command.

Examples

# Create an IPv6 advanced ACL rule to permit TCP packets with the destination port 80 from

2030:5060::/64 to FE80:5060::/96.

<Sysname> system-view

[Sysname] acl ipv6 number 3000

[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::/64 destination fe80:5060::/96

destination-port eq 80

# Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for

FE80:5060:1001::/48.

<Sysname> system-view

[Sysname] acl ipv6 number 3001

[Sysname-acl6-adv-3001] rule deny icmpv6 destination fe80:5060:1001:: 48

[Sysname-acl6-adv-3001] rule permit ipv6

# Create IPv6 advanced ACL rules to permit inbound and outbound FTP packets.

<Sysname> system-view

[Sysname] acl ipv6 number 3002

[Sysname-acl6-adv-3002] rule permit tcp source-port eq ftp

[Sysname-acl6-adv-3002] rule permit tcp source-port eq ftp-data

[Sysname-acl6-adv-3002] rule permit tcp destination-port eq ftp

[Sysname-acl6-adv-3002] rule permit tcp destination-port eq ftp-data

# Create IPv6 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.

<Sysname> system-view

[Sysname] acl ipv6 number 3003

[Sysname-acl6-adv-3003] rule permit udp source-port eq snmp

[Sysname-acl6-adv-3003] rule permit udp source-port eq snmptrap

[Sysname-acl6-adv-3003] rule permit udp destination-port eq snmp

[Sysname-acl6-adv-3003] rule permit udp destination-port eq snmptrap

Related commands

• acl

• acl logging interval

• display acl

• step

• time-range

rule (IPv6 basic ACL view)

Use rule to create or edit an IPv6 basic ACL rule.

Use undo rule to delete an entire IPv6 basic ACL rule or some attributes in the rule.