beautypg.com

H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 528

background image

45-16

Table 45-14

describes the configuration items for creating a rule for an advanced IPv6 ACL.

Table 45-14 Configuration items for an advanced IPv6 ACL rule

Item

Description

Select Access Control List (ACL)

Select the advanced IPv6 ACL for which you want to configure rules.

Available ACLs are advanced IPv6 ACLs that have been configured.

Rule ID

Select the Rule ID check box and type a number for the rule.

If you do not specify the rule number, the system will assign one
automatically.

Operation

Select the operation to be performed for IPv6 packets matching the
rule.

Permit: Allows matched packets to pass.

Deny: Drops matched packets.

Check Fragment

Select this check box to apply the rule to only non-first fragments.

If you do no select this check box, the rule applies to all fragments and
non-fragments.

Check Logging

Select this check box to keep a log of matched IPv6 packets.

A log entry contains the ACL rule number, operation for the matched
packets, protocol that IP carries, source/destination address,
source/destination port number, and number of matched packets.

Source IP Address

Source Prefix

Select the Source IP Address check box and type a source IPv6
address and prefix length.

The IPv6 address must be in a format like X:X::X:X. An IPv6 address
consists of eight 16-bit long fields, each of which is expressed with two
hexadecimal numbers and separated from its neighboring fields by
colon (:).

Destination IP Address

IP
Address
Filter

Destination Prefix

Select the Destination IP Address check box and type a destination
IPv6 address and prefix length.

The IPv6 address must be in a format like X:X::X:X. An IPv6 address
consists of eight 16-bit long fields, each of which is expressed with two
hexadecimal numbers and separated from its neighboring fields by
colon (:).

Protocol

Select the protocol to be carried by IP.

If you select 58 ICMPv6, you can configure the ICMP message type
and code; if you select 6 TCP or 17 UDP, you can configure the TCP or
UDP specific items.

Named ICMPv6 Type

ICMPv6 Type

ICMPv6
Type

ICMPv6 Code

Specify the ICMPv6 message type and code.

These items are available only when you select 58 ICMPv6 from the
Protocol drop-down box.

If you select Other from the Named ICMPv6 Type drop-down box, you
need to type values in the ICMPv6 Type and ICMPv6 Code fields.
Otherwise, the two fields will take the default values, which cannot be
changed.

Operator

Port

Source

To Port

Operator

Port

TCP/UDP
Port

Destination

Port

Select the operators and type the source port numbers and destination
port numbers as required.

These items are available only when you select 6 TCP or 17 UDP from
the Protocol drop-down box.

Different operators have different configuration requirements for the
port number fields:

Not Check: The following port number fields cannot be configured.

Range: The following port number fields must be configured to
define a port range.

Other values: The first port number field must be configured and
the second must not.