H3C S7500E Series Ethernet Switches Operation Manual

Operation Manual – ACL
H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration
To do: Create or modify a rule
Use the command: rule [ rule-id ] { deny | permit } [ fragment | logging | source { ipv6-address prefix-length | ipv6-address/prefix-length | any } | time-range time-name ] *
Remarks: Required. To create multiple rules, repeat this step. Note that the logging and fragment keywords are not supported if the ACL is to be referenced by a QoS policy for traffic classification.

To do: Set a rule numbering step
Use the command: step step-value
Remarks: Optional. The default step is 5.

To do: Create an IPv6 ACL description
Use the command: description text
Remarks: Optional. By default, no IPv6 ACL description is present.

To do: Create a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, no rule description is present.

Note that:
• You will fail to create or modify a rule if its permit/deny statement is exactly the
  same as another rule. In addition, if the ACL match order is set to auto rather than
  config, you cannot modify ACL rules.
• You may use the display acl command to verify rules configured in an ACL. If the
  match order for this ACL is auto, rules are displayed in the depth-first match order
  rather than by rule number.

Caution:
• You can modify the match order of an IPv6 ACL with the acl ipv6 number
  acl6-number [ name acl6-name ] match-order { auto | config } command, but only
  when the ACL does not contain any rules.
• The rule specified in the rule comment command must already exist.

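The numbering step, the duplicate-rule check and prefix matching described above can be modelled offline to sanity-check a rule set before it is typed into a switch. This is an added Python example, not H3C code: the class BasicIPv6Acl, auto-numbering that starts at 0, first-match evaluation in ascending rule ID (config order) and duplicate comparison on the masked prefix are assumptions of the model, and the two source prefixes are the ones used in the configuration example in 3.2.3.

```python
import ipaddress


class BasicIPv6Acl:
    """Toy model of a basic IPv6 ACL in config match order (hypothetical, not H3C code)."""

    def __init__(self, step=5):              # the manual gives 5 as the default step
        self.step = step
        self.rules = {}                      # rule-id -> (action, network or None for "any")

    def add_rule(self, action, source="any", rule_id=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        # strict=False masks the host bits: 2030:5060::9050/64 covers 2030:5060::/64
        net = None if source == "any" else ipaddress.IPv6Network(source, strict=False)
        # The manual: a rule identical to another rule is rejected.
        # Assumption: "identical" is judged on the masked prefix.
        if any(r == (action, net) for i, r in self.rules.items() if i != rule_id):
            raise ValueError("identical rule already exists")
        if rule_id is None:
            # Assumption: the next ID is the next multiple of step above the
            # highest existing rule ID, starting from 0.
            rule_id = (max(self.rules) // self.step + 1) * self.step if self.rules else 0
        self.rules[rule_id] = (action, net)
        return rule_id

    def match(self, src):
        """Return (rule_id, action) of the first matching rule, or None."""
        addr = ipaddress.IPv6Address(src)
        for rule_id in sorted(self.rules):   # config order: ascending rule ID
            action, net = self.rules[rule_id]
            if net is None or addr in net:
                return rule_id, action
        return None                          # no rule matched; result depends on where the ACL is applied


def build_example_acl():
    """Rules from the 3.2.3 example, entered without explicit rule IDs."""
    acl = BasicIPv6Acl()
    acl.add_rule("permit", "2030:5060::9050/64")
    acl.add_rule("deny", "fe80:5060::8050/96")
    return acl


if __name__ == "__main__":
    acl = build_example_acl()
    for src in ("2030:5060::1", "fe80:5060::1234", "fe80:5060::1:0:1"):  # constructed sample sources
        print(src, acl.match(src))
```

The third sample address falls outside the /96 prefix of the deny rule, so no rule matches it; a short prefix length permits or denies far more than the single address written in the rule.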
3.2.3 Configuration Examples
# Create IPv6 ACL 2000 to permit IPv6 packets with source address
2030:5060::9050/64 to pass while denying IPv6 packets with source address
fe80:5060::8050/96.
<Sysname> system-view