3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

811

812

813

814

815

816

817

818

819

820

Configuring an Advanced IPv6 ACL 817

You will fail to create or modify a rule if its permit/deny statement is exactly the

same as another rule. In addition, if the ACL match order is set to auto rather than

config, you cannot modify ACL rules.

When defining ACL rules, you need not assign them IDs. The system can

automatically assign rule IDs, starting with 0 and increasing in certain rule

numbering steps. A rule ID thus assigned is greater than the current highest rule

ID. For example, if the rule numbering step is 5 and the current highest rule ID is

28, the next rule will be numbered 30.

You may use the display acl ipv6 command to verify rules configured in an IPv6

ACL. If the match order for this IPv6 ACL is auto, rules are displayed in the

depth-first match order rather than by rule number.

CAUTION:

■ You can modify the match order of an IPv6 ACL with the acl ipv6 number

acl6-number match-order { auto | config } command but only when it does

not contain any rules.

■ The rule specified in the rule comment command must have existed.

■ When creating an IPv6 ACL rule, you cannot specify the fragment keyword

and the protocol argument at the same time.

Configuration Example # Create IPv6 ACL 3000 to permit the TCP packets with the source address

2030:5060::9050/64 to pass.

<Sysname> system-view

[Sysname] acl ipv6 number 3000

[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64

# Verify the configuration.

Create and enter advanced

IPv6 ACL view

acl ipv6 number acl6-number

[ match-order { auto | config

} ]

Required

The default match order is

config.

Create or modify a rule rule [ rule-id ] { deny | permit

} protocol [ destination { dest

dest-prefix | dest/dest-prefix |

any } | destination-port

operator port1 [ port2 ] | dscp

dscp | fragment |

icmpv6-type { icmpv6-type

icmpv6-code |

icmpv6-message } | logging |

source { source source-prefix |

source/source-prefix | any } |

source-port operator port1 [

port2 ] | time-range

time-name ] *

Required

To create multiple rules,

repeat this step.

Set a rule numbering step step step-value Optional

The default step is 5.

Create an ACL description description text Optional

Create a rule description rule rule-id comment text Optional

To do... Use the command... Remarks