Ipv6 acl classification, Ipv6 acl naming, Ipv6 acl match order – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 407: Depth-first match for a basic ipv6 acl, 5 ipv6 acl naming, 5 ipv6 acl match order
40-5
z
z
z
z
z
Effective Period of an IPv6 ACL
IPv6 ACL Classification
IPv6 ACLs, identified by ACL numbers, fall into three categories, as show in
.
Table 40-2
IPv6 ACL categories
Category
ACL number
Matching criteria
Basic IPv6 ACL
2000 to 2999
Source IPv6 address
Advanced IPv6 ACL
3000 to 3999
Source IPv6 address, destination IPv6 address,
protocol carried on IPv6, and other Layer 3 or
Layer 4 protocol header fields
IPv6 ACL Naming
When creating an IPv6 ACL, you can specify a unique name for it. Afterwards, you can identify the IPv6
ACL by its name.
An IPv6 ACL can have only one name. Whether to specify a name for an ACL is up to you. After creating
an ACL, you cannot specify a name for it, nor can you change or remove the name of the ACL.
The name of an IPv6 ACL must be unique among IPv6 ACLs. However, an IPv6 ACL and an IPv4 ACL
can share the same name.
IPv6 ACL Match Order
Similar to IPv4 ACLs, IPv6 ACLs are sequential collections of rules defined with different matching
parameters. The order in which a packet is matched against the rules in an IPv6 ACL may affect how the
packet is handled.
Like in IPv4 ACLs, the following two match orders are available in IPv6 ACLs:
z
config
: where rules are compared against in the order in which they are configured.
z
auto
: where depth-first match is performed.
Depth-first match for a basic IPv6 ACL
The following shows how your switch performs depth-first match in a basic IPv6 ACL:
1) Sort rules by source IPv6 address wildcard first and compare packets against the rule configured
with a longer prefix in the source IPv6 address wildcard prior to other rules.
2) If two rules are present with the same prefix length in their source IPv6 address wildcards, compare
packets against the rule configured first prior to the other.