beautypg.com

Applying an ipv6 acl for packet filtering – H3C Technologies H3C S12500 Series Switches User Manual

Page 24

background image

15

Applying an IPv6 ACL for packet filtering

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Apply an IPv6 basic or IPv6
advanced ACL to the interface

to filter IPv6 packets.

packet-filter ipv6 { acl6-number |
name acl6-name } { inbound |
outbound }

By default, no IPv6 ACL is applied
to the interface.
On a VLAN interface, an inbound
packet filter handles only Layer 3

unicast packets and an outbound

packet filter handles all packets.
On an Ethernet interface, the
packet filter handles all packets.

Avoid the case that multiple users

configure the packet-filter ipv6
command at the same time.

Otherwise, the configuration might

fail.
When EB or EC2 cards are
operating in standard ACL mode,

the interfaces on these cards do not

support applying IPv6 ACLs to filter
packets.

4.

Exit to system view.

quit

N/A

5.

Set the interval for generating
and outputting IPv6 packet

filtering logs.

acl ipv6 logging frequence
frequence

The default interval is 0. No IPv6
packet filtering logs are generated.

The rule you add to an ACL that has been used by a packet filter cannot take effect if hardware resources
are insufficient or the packet filter does not support the rule. Such rules are marked as uncompleted in the

output from the display acl ipv6 { acl-number | all | name acl-name } slot slot-number command. To

successfully apply the rule, you must delete the rule and reconfigure it when hardware resources are

sufficient.
Follow these guidelines when you configure a packet filter on a VLAN interface:

Use the undo packet-filter ipv6 command to remove the packet filter from the VLAN interface if the
ACL application fails on an interface card, for example, because of hardware resource insufficiency.

The switch applies the packet filter configured on a VLAN interface to the main processing unit and

all interface cards. When an application failure occurs on an interface card, the switch cannot

automatically remove the ACL that has been applied to the main processing unit or any other
interface card.

You must also use the undo packet-filter ipv6 to remove the packet filter if the switch fails to update
the packet filter on an interface card after you edit the ACL rules. If you do not remove the packet

filter, the old ACL rules continue to take effect and the display packet-filter ipv6 command shows the

initial ACL application status.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: