H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – ACL
H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64
[Sysname-acl6-basic-2000] rule deny source fe80:5060::8050/96
# Verify the configuration.
[Sysname-acl6-basic-2000] display acl ipv6 2000
Basic IPv6 ACL 2000, named -none-, 2 rules,
ACL's step is 5
rule 0 permit source 2030:5060::9050/64
rule 5 deny source FE80:5060::8050/96
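The following Python sketch is an added example, not part of the H3C manual. It models how the two rules of ACL 2000 shown above are evaluated under the config match order (ascending rule ID, first match wins). The sample source addresses in the comments are constructed for illustration.

```python
import ipaddress

# Rules exactly as printed by "display acl ipv6 2000" above:
# (rule ID, action, source address/prefix length)
ACL_2000 = [
    (0, "permit", "2030:5060::9050/64"),
    (5, "deny", "FE80:5060::8050/96"),
]


def compile_rules(rules):
    """Convert each rule to (rule_id, action, network) sorted by rule ID."""
    compiled = []
    for rule_id, action, source in rules:
        # strict=False: the rules carry host bits (::9050, ::8050), but only
        # the first <prefix length> bits take part in the comparison.
        network = ipaddress.IPv6Network(source, strict=False)
        compiled.append((rule_id, action, network))
    # config match order: rules are checked in ascending rule ID.
    return sorted(compiled, key=lambda rule: rule[0])


def match(compiled, source_addr):
    """Return (rule_id, action) of the first rule covering source_addr.

    Returns None when no rule matches; what happens to such a packet is
    decided by the feature that references the ACL, not by the ACL itself.
    """
    addr = ipaddress.IPv6Address(source_addr)
    for rule_id, action, network in compiled:
        if addr in network:
            return rule_id, action
    return None


RULES = compile_rules(ACL_2000)

if __name__ == "__main__":
    # Constructed sample sources, not taken from the manual.
    for sample in ("2030:5060::1",            # inside 2030:5060::/64
                   "2030:5060:0:0:ffff::1",   # still inside the /64
                   "fe80:5060::1234",         # inside fe80:5060::/96
                   "fe80:5060::1:0:0",        # bit 96 range differs: no match
                   "2030:5061::1"):           # different /64: no match
        print(f"{sample:24} -> {match(RULES, sample)}")
```

Rule 0 therefore permits the whole 2030:5060::/64 prefix rather than the single host 2030:5060::9050, which is worth checking whenever a rule is written with host bits set.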
3.3 Configuring an Advanced IPv6 ACL
Advanced ACLs filter packets based on the source IPv6 address, destination IPv6
address, protocol carried on IPv6, and other protocol header fields such as the
TCP/UDP source port, TCP/UDP destination port, ICMP message type, and ICMP
message code.
Advanced IPv6 ACLs are numbered in the range 3000 to 3999. Compared with basic
IPv6 ACLs, they allow more flexible and accurate filtering.
3.3.1 Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command
first.
3.3.2 Configuration Procedure
Follow these steps to configure an advanced IPv6 ACL:
To do…                      Use the command…                    Remarks
Enter system view           system-view                         ––
Create and enter advanced   acl ipv6 number acl6-number         Required
IPv6 ACL view               [ name acl6-name ]                  The default match order is config.
                            [ match-order { auto | config } ]   If you specify a name for an IPv6 ACL
                                                                when creating the ACL, you can use the
                                                                acl ipv6 name acl6-name command to
                                                                enter the view of the ACL later.