Configuring an ipv6 basic acl – H3C Technologies H3C S7500E Series Switches User Manual
Page 18
1-8
z
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
z
When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command but only when it does not contain any rules.
Configuring an IPv6 basic ACL
Follow these steps to configure an IPv6 basic ACL:
To do…
Use the command…
Remarks
Enter system view
system-view
––
Create an IPv6 basic ACL view
and enter its view
acl ipv6 number acl6-number
[ name acl6-name ] [ match-order
{ auto | config } ]
Required
By default, no ACL exists.
IPv6 basic ACLs are numbered in
the range 2000 to 2999.
You can use the acl ipv6 name
acl6-name command to enter the
view of an existing named IPv6
ACL.
Configure a description for the
IPv6 basic ACL
description text
Optional
By default, an IPv6 basic ACL has
no ACL description.
Set the rule numbering step
step step-value
Optional
5 by default
Create or edit a rule
rule [ rule-id ] { deny | permit }
[ fragment | logging | source
{ ipv6-address prefix-length |
ipv6-address/prefix-length | any } |
time-range time-range-name ]*
Required
By default, an IPv6 basic ACL
does not contain any rule.
To create or edit multiple rules,
repeat this step.
Note that the logging and
fragment keywords are not
supported if the ACL is to be
referenced by a QoS policy for
traffic classification.