Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
Chapter 3 IPv6 ACL Configuration
To do…: Create or modify a rule
Use the command…: rule [ rule-id ] { deny | permit } [ fragment | logging | source { ipv6-address prefix-length | ipv6-address/prefix-length | any } | time-range time-name ] *
Remarks: Required. To create multiple rules, repeat this step.

To do…: Set a rule numbering step
Use the command…: step step-value
Remarks: Optional. The default step is 5.

To do…: Create an IPv6 ACL description
Use the command…: description text
Remarks: Optional. By default, no IPv6 ACL description is present.

To do…: Create a rule description
Use the command…: rule rule-id comment text
Remarks: Optional. By default, no rule description is present.

Note that:
- You will fail to create or modify a rule if its permit/deny statement is exactly the same as that of another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
- When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs, starting with 0 and increasing by the rule numbering step. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is five and the current highest rule ID is 28, the next rule will be numbered 30. For detailed information about step, refer to the step command.
- You may use the display acl command to verify rules configured in an ACL. If the match order for this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.

Caution:
- You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name acl6-name ] match-order { auto | config } command, but only when it does not contain any rules.
- The rule specified in the rule comment command must already exist.
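
The notes and cautions above can be checked against a planned change before it is pushed to a switch. The following is an added example, not H3C code: a small Python model of the rule-ID assignment, duplicate-statement, match-order and rule-comment constraints. The names AclError and Ipv6AclModel, the whitespace/case normalization used to compare statements, and the sample prefixes are assumptions.

```python
# Added model of the rule-ID and match-order behaviour described in the notes
# above; AclError and Ipv6AclModel are hypothetical names, not H3C code.

class AclError(Exception):
    """Raised where the manual says the command fails."""

class Ipv6AclModel:
    def __init__(self, step=5, match_order="config"):
        self.step = step                # rule numbering step (default 5)
        self.match_order = match_order  # "config" or "auto"
        self.rules = {}                 # rule-id -> normalized statement
        self.comments = {}              # rule-id -> comment text

    def next_rule_id(self):
        # IDs start at 0; otherwise take the next multiple of the step above
        # the current highest ID (step 5, highest 28 -> 30).
        if not self.rules:
            return 0
        return (max(self.rules) // self.step + 1) * self.step

    def rule(self, statement, rule_id=None):
        # Assumption: "exactly the same" is compared after collapsing
        # whitespace and letter case.
        stmt = " ".join(statement.lower().split())
        if rule_id in self.rules and self.match_order == "auto":
            raise AclError("rules cannot be modified when match order is auto")
        if any(s == stmt for i, s in self.rules.items() if i != rule_id):
            raise AclError("statement is identical to another rule")
        if rule_id is None:
            rule_id = self.next_rule_id()
        self.rules[rule_id] = stmt
        return rule_id

    def set_match_order(self, order):
        # Allowed only while the ACL contains no rules.
        if self.rules:
            raise AclError("match order can change only on an empty ACL")
        self.match_order = order

    def comment(self, rule_id, text):
        # The rule named in "rule rule-id comment text" must already exist.
        if rule_id not in self.rules:
            raise AclError("rule %d does not exist" % rule_id)
        self.comments[rule_id] = text

if __name__ == "__main__":
    acl = Ipv6AclModel()
    acl.rule("permit source 2001:db8::/32", rule_id=28)  # constructed sample
    print(acl.rule("deny source any"))  # ID the model assigns automatically
```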