beautypg.com

Configuration prerequisites, Configuration procedure, 3 configuration procedure – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 420

background image

42-3

Configuration Prerequisites

If you want to reference a time range to a rule, define it with the time-range command first.

Configuration Procedure

Follow these steps to configure an advanced IPv6 ACL:

To do…

Use the command…

Remarks

Enter system view

system-view

––

Create and enter advanced IPv6
ACL view

acl ipv6

number acl6-number

[ name acl6-name ] [ match-order
{ auto | config } ]

Required
The default match order is config.
If you specify a name for an IPv6
ACL when creating the ACL, you
can use the acl ipv6 name
acl6-name

command to enter the

view of the ACL later.

Create or modify a rule

rule

[ rule-id ] { deny | permit }

protocol

[ destination { dest

dest-prefix | dest/dest-prefix | any

}

| destination-port operator port1
[ port2 ] | dscp dscp | fragment |
icmpv6-type

{ icmpv6-type

icmpv6-code

| icmpv6-message } |

logging

| source { source

source-prefix |
source/source-prefix

| any } |

source-port operator port1

[ port2 ] | time-range time-name ] *

Required
To create multiple rules, repeat this
step.
Note that if the ACL is to be
referenced by a QoS policy for
traffic classification, the logging
and fragment keywords are not
supported and the operator
argument cannot be neq.

Set a rule numbering step

step

step-value

Optional
The default step is 5.

Create an ACL description

description

text

Optional
By default, no IPv6 ACL
description is present.

Create a rule description

rule rule-id comment text

Optional
By default, no rule description is
present.

Note that:

z

You will fail to create or modify a rule if its permit/deny statement is exactly the same as another
rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL
rules.

z

You may use the display acl command to verify rules configured in an ACL. If the match order for
this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.

See also other documents in the category H3C Technologies Routers: