Introduction to ipv6 acl, Ipv6 acl categories, Ipv6 acl match order – H3C Technologies H3C WX6000 Series Access Controllers User Manual

45-3

Standard match and exact match of ACLs containing advanced information such as TCP/UDP port

number and ICMP type. The default is standard match.

Standard match considers only Layer 3 information.

Exact match considers all header information defined in ACL rules.

These two ACL rule matching approaches are available only on firewalls.

Introduction to IPv6 ACL

Support of the H3C WX series access controllers for IPv6 ACL may vary by device model. Refer to

section "Feature Matrixes" in Compatibility Matrixes for details.

IPv6 ACL categories

IPv6 ACLs, identified by ACL numbers, fall into two categories, as shown in

Table 45-3

.

Table 45-3 IPv6 ACL categories

Category

ACL number

Matching criteria

Basic IPv6 ACL

2000 to 2999

Source IPv6 address

Advanced IPv6 ACL

3000 to 3999

Source IPv6 address, destination IPv6 address,
protocol carried over IPv6, and other Layer 3 or
Layer 4 protocol header information

IPv6 ACL Match Order

An ACL may consist of multiple rules, which specify different matching criteria. These criteria may have

overlapping or conflicting parts. The match order is for determining how packets should be matched

against the rules.

There are two types of IPv6 ACL match orders:

config: Packets are compared against ACL rules in the order the rules are configured.

auto: Packets are compared against ACL rules in the depth-first match order.

The term depth-first match has different meanings for different types of IPv6 ACLs, as shown in

Table

45-4

.