Configuring an ipv6 basic acl – H3C Technologies H3C SR8800 User Manual

7

Step

Command

Remarks

7.

Enable rule match
counting for the IPv4

basic ACL.

hardware-count enable

Optional.
By default, rule match counting is

disabled.

Configuring an IPv6 basic ACL

To configure an IPv6 basic ACL:

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an IPv6 basic ACL
view and enter its view.

acl ipv6 number acl6-number
[ name acl6-name ] [ match-order
{ auto | config } ]

By default, no ACL exists.
IPv6 basic ACLs are numbered in
the range 2000 to 2999.
You can use the acl ipv6 name
acl6-name command to enter the

view of a named IPv6 ACL.

3.

Configure a description for
the IPv6 basic ACL.

description text

Optional.
By default, an IPv6 basic ACL has
no ACL description.

4.

Set the rule numbering step.

step step-value

Optional.
The default setting is 5.

5.

Create or edit a rule.

rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |

source { ipv6-address prefix-length
| ipv6-address/prefix-length |

any } | time-range

time-range-name | vpn-instance
vpn-instance-name ] *

By default, an IPv6 basic ACL does
not contain any rule.
To create or edit multiple rules,
repeat this step.
The logging keyword takes effect

only when the module (for
example, a packet-filter firewall)

using the ACL supports logging.

6.

Configure or edit a rule
description.

rule rule-id comment text

Optional.
By default, an IPv6 basic ACL rule
has no rule description.

7.

Enable rule match counting
for the IPv6 basic ACL.

hardware-count enable

Optional.
By default, rule match counting is
disabled.

NOTE:

When configuring IPv6 basic ACLs for a QoS policy that is to be applied to an SPC card, you must set the
ACL rule length limit to 80 bytes. For more information about the ACL rule length limit, see

ACL and QoS

Command Reference.