Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
Chapter 3 IPv6 ACL Configuration
To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create and enter advanced IPv6 ACL view
Use the command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
Remarks: Required. The default match order is config. If you specify a name for an IPv6 ACL when creating the ACL, you can use the acl ipv6 name acl6-name command to enter the view of the ACL later.

To do: Create or modify a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmpv6-type { icmpv6-type icmpv6-code | icmpv6-message } | logging | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-name ] *
Remarks: Required. To create multiple rules, repeat this step.

To do: Set a rule numbering step
Use the command: step step-value
Remarks: Optional. The default step is 5.

To do: Create an ACL description
Use the command: description text
Remarks: Optional. By default, no IPv6 ACL description is present.

To do: Create a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, no rule description is present.
Note that:
• You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
• When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is five and the current highest rule ID is 28, the next rule will be numbered 30. For detailed information about step, refer to the step command.
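The following Python model is an added example, not H3C code. It reproduces the rule-ID assignment, duplicate-statement rejection and auto match-order restriction described in the notes above, and emits commands in the syntax of the table. The class and method names are hypothetical, and the ACL number 3000, the protocol keywords tcp and ipv6, the operator eq and the addresses are constructed sample values not given on this page.

```python
# Added illustration (not H3C code): models the behaviour stated in the notes.
class Acl6Model:
    def __init__(self, number, match_order="config", step=5):
        if match_order not in ("config", "auto"):
            raise ValueError("match-order must be auto or config")
        self.number, self.match_order, self.step = number, match_order, step
        self.rules = {}  # rule-id -> normalized "permit ..." / "deny ..." statement

    def next_rule_id(self):
        """First ID is 0; afterwards the next multiple of step above the highest ID."""
        if not self.rules:
            return 0
        return (max(self.rules) // self.step + 1) * self.step

    def rule(self, statement, rule_id=None):
        """Create a rule, or modify rule_id if it already exists; returns the rule ID."""
        statement = " ".join(statement.split())
        if not statement.startswith(("permit ", "deny ")):
            raise ValueError("statement must start with permit or deny")
        if rule_id in self.rules and self.match_order == "auto":
            raise ValueError("rules cannot be modified when match order is auto")
        if any(s == statement for i, s in self.rules.items() if i != rule_id):
            raise ValueError("statement is identical to another rule")
        if rule_id is None:
            rule_id = self.next_rule_id()
        self.rules[rule_id] = statement
        return rule_id

    def commands(self):
        """Command sequence using the syntax from the table, with explicit rule IDs."""
        lines = ["system-view",
                 f"acl ipv6 number {self.number} match-order {self.match_order}",
                 f"step {self.step}"]
        lines += [f"rule {i} {s}" for i, s in sorted(self.rules.items())]
        return lines


def demo():
    # Constructed sample: ACL number 3000, tcp, ipv6 and eq are assumed values.
    acl = Acl6Model(3000)
    first = acl.rule("permit tcp source 2001:DB8:1::/64 destination any destination-port eq 22")
    acl.rule("deny tcp source any destination any destination-port eq 22", rule_id=28)
    third = acl.rule("deny ipv6 source any destination any logging")  # auto-numbered
    return acl, first, third


if __name__ == "__main__":
    print("\n".join(demo()[0].commands()))
```

Predicting the assigned ID before entering a rule lets you write the matching rule rule-id comment text command without first displaying the ACL.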