Configuring an ipv6 advanced acl – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 14

To do…

Use the command…

Remarks

Add or edit a rule comment

rule rule-id comment text

Optional
By default, an IPv4 advanced ACL

rule has no rule description.

Configuring an IPv6 advanced ACL

IPv6 advanced ACLs match packets based on the source IPv6 addresses, destination IPv6 addresses,

packet priorities, protocols carried over IPv6, and other protocol header fields such as the TCP/UDP

source port number, TCP/UDP destination port number, ICMPv6 message type, and ICMPv6 message

code.
Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.
Follow these steps to configure an IPv6 advanced ACL:

To do…

Use the command…

Remarks

Enter system view

system-view

––

Create an IPv6 advanced ACL
and enter its view

acl ipv6 number acl6-number [ name
acl6-name ] [ match-order { auto |

config } ]

Required
By default, no ACL exists.
IPv6 advanced ACLs are
numbered in the range 3000 to

3999.
You can use the acl ipv6 name

acl6-name command to enter the
view of a named IPv6 ACL.

Configure a description for the
IPv6 advanced ACL

description text

Optional
By default, an IPv6 advanced
ACL has no ACL description.

Set the rule numbering step

step step-value

Optional
5 by default.

Create or edit a rule

rule [ rule-id ] { deny | permit } protocol
[ { { ack ack-value | fin fin-value | psh

psh-value | rst rst-value | syn syn-value |
urg urg-value } * | established } |

destination { dest dest-prefix |

dest/dest-prefix | any } |
destination-port operator port1 [ port2 ]

| dscp dscp | fragment | icmpv6-type

{ icmpv6-type icmpv6-code |
icmpv6-message } | source { source

source-prefix | source/source-prefix |

any } | source-port operator port1
[ port2 ] | time-range time-range-name ]

Required
By default IPv6 advanced ACL
does not contain any rule.
The flow-label and fragment