15-4
z
When the ACL match order is
auto
, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
z
You can modify the match order of an IPv6 ACL with the
acl ipv6 number
acl6-number
[
name
acl6-name
]
match-order
{
auto
|
config
} command, but only when the ACL does not contain any
rules.
z
The rule specified in the
rule comment
command must already exist.
Configuration Example
# Configure IPv6 ACL 3000 to permit TCP packets with the source address of 2030:5060::9050/64.
<Sysname> system-view
[Sysname] acl ipv6 number 3000
[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64
# Verify the configuration.
[Sysname-acl6-adv-3000] display acl ipv6 3000
Advanced IPv6 ACL 3000, named -none-, 1 rule,
ACL's step is 5
rule 0 permit tcp source 2030:5060::9050/64 (5 times matched)
Copying an IPv6 ACL
This feature allows you to copy an existing IPv6 ACL to generate a new one, which is of the same type
and has the same match order, rules, rule numbering step, and descriptions as the source IPv6 ACL.
Configuration Prerequisites
Make sure that the source IPv6 ACL exists while the destination IPv6 ACL does not.
Configuration Procedure
Follow these steps to copy an IPv6 ACL:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Copy an existing IPv6 ACL
to generate a new one of
the same type
acl ipv6 copy
{
source-acl6-number
|
name
source-acl6-name
}
to
{
dest-acl6-number
|
name dest-acl6-name
}
Required