
Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual


Configuration procedure

Follow these steps to define an IPv6 ACL rule:

| Operation | Command | Description |
|---|---|---|
| Enter system view | `system-view` | |
| Create an IPv6 ACL and enter IPv6 ACL view | `acl number acl-number` | Required |
| Define an ACL rule | `rule [ rule-id ] { deny \| permit } [ cos rule-string rule-mask ] [ dest-ip ipv6-address prefix-length ] [ dest-mac rule-string rule-mask ] [ double-tag ] [ dscp rule-string rule-mask ] [ ip-protocol rule-string rule-mask ] [ ipv6-type ] [ src-ip ipv6-address prefix-length ] [ src-mac rule-string rule-mask ] [ vlan rule-string rule-mask ] [ [ src-port rule-string rule-mask \| dest-port rule-string rule-mask ] * \| [ icmpv6-type rule-string rule-mask \| icmpv6-code rule-string rule-mask ] * ] [ time-range time-name ]` | Required. To specify the src-port or dest-port keyword in the command, you need to specify the ip-protocol rule-string rule-mask combination as TCP or UDP, that is, 0x06 or 0x11. To specify the icmpv6-type or icmpv6-code keyword, you need to specify the ip-protocol rule-string rule-mask combination as ICMPv6, that is, 0x3a. |
| Assign a description string to the ACL rule | `rule rule-id comment text` | Optional. No description by default |
| Assign a description string to the ACL | `description text` | Optional. No description by default |

Note that:

- You can modify any existent rule of an IPv6 ACL. If you modify only the action to be taken or the time range, the unmodified part of the rule remains the same. If you modify the contents of a user-defined string, the new string overwrites the original one.

- If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule will be the greatest rule number plus one. If the current greatest rule number is 65534, however, the system will display an error message and you need to specify a number for the rule.

- The content of a modified or created rule cannot be identical with the content of any existing rule of the ACL; otherwise the rule modification or creation will fail, and the system prompts that the rule already exists.
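
The ip-protocol prerequisites, automatic rule numbering and duplicate-rule check described above can be verified offline before a rule set is pushed to a switch. The following Python example is added here and is not H3C code: the function names are hypothetical, the sample rule-mask values are constructed, and it assumes the switch does not install a rule that has a finding. Reusing an existing rule-id is modelled as a plain replacement, not as the partial modification the first note describes.

```python
# Number of arguments after each keyword, read off the rule syntax on this page.
ARGC = {k: 2 for k in ("cos dest-ip dest-mac dscp ip-protocol src-ip src-mac vlan "
                       "src-port dest-port icmpv6-type icmpv6-code").split()}
ARGC.update({"double-tag": 0, "ipv6-type": 0, "time-range": 1})
PREREQ = [({"src-port", "dest-port"}, {0x06, 0x11}, "port match needs ip-protocol 0x06 or 0x11"),
          ({"icmpv6-type", "icmpv6-code"}, {0x3A}, "ICMPv6 match needs ip-protocol 0x3a")]

def parse_rule(line):
    """Split one rule line into (rule_id or None, action, {keyword: args})."""
    tok = line.split()
    rule_id = int(tok.pop(1)) if len(tok) > 2 and tok[1].isdigit() else None
    if len(tok) < 2 or tok[0] != "rule" or tok[1] not in ("permit", "deny"):
        raise ValueError(f"expected 'rule [rule-id] permit|deny ...': {line!r}")
    action, rest, fields = tok[1], tok[2:], {}
    while rest:
        argc = ARGC.get(key := rest.pop(0))
        if argc is None or argc > len(rest):
            raise ValueError(f"unknown keyword or missing arguments: {key!r}")
        fields[key], rest = tuple(rest[:argc]), rest[argc:]
    return rule_id, action, fields

def check_protocol(fields):
    """Return a message for each keyword group whose ip-protocol prerequisite fails."""
    proto = int(fields["ip-protocol"][0], 16) if "ip-protocol" in fields else None
    return [msg for keys, ok, msg in PREREQ if fields.keys() & keys and proto not in ok]

def lint_acl(lines):
    """Return ({rule_id: (action, fields)}, [(line_no, message)]) for an ACL."""
    rules, findings = {}, []
    for n, line in enumerate(lines, 1):
        rule_id, action, fields = parse_rule(line)
        errors = check_protocol(fields)
        if (action, fields) in rules.values():
            errors.append("identical to an existing rule")
        if rule_id is None:  # auto-number: 0 if the ACL is empty, else greatest + 1
            rule_id = max(rules, default=-1) + 1
            if rule_id > 65534:  # limit from the note on this page
                errors.append("greatest rule number is 65534; specify a rule-id")
        findings += [(n, e) for e in errors]
        if not errors:  # assumption: the switch installs only rules without findings
            rules[rule_id] = (action, fields)
    return rules, findings

# Constructed sample input; the rule-mask values are illustrative.
SAMPLE = ["rule permit ip-protocol 0x06 0xff dest-port 0x0050 0xffff",
          "rule 10 deny dest-port 0x0017 0xffff",
          "rule 20 permit ip-protocol 0x11 0xff icmpv6-type 0x80 0xff",
          "rule permit ip-protocol 0x06 0xff dest-port 0x0050 0xffff"]
```

Calling `lint_acl(SAMPLE)` returns the rules that would be installed and one finding per rejected line, keyed by its line number in the input.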
