3Com S7902E Command Reference Manual - page 1951
1-27
For a basic IPv6 ACL to be referenced by a QoS policy for traffic classification, the
logging
and
fragment
keywords are not supported.
Examples
# Create rules in IPv6 ACL 2000, to permit packets with source address being 2030:5060::9050/64 to
pass.
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64
rule (in advanced IPv6 ACL view)
Syntax
rule
[
rule-id
] {
deny
|
permit
}
protocol
[
destination
{
dest dest-prefix | dest/dest-prefix | any
} |
destination-port operator port1
[
port2
] |
dscp
dscp | fragment
|
icmpv6-type
{
icmpv6-type
icmpv6-code
|
icmpv6-message
} |
logging
|
source
{
source source-prefix | source/source-prefix | any
}
|
source-port operator port1
[
port2
] |
time-range
time-range-name
] *
undo
rule
rule-id
[
destination | destination-port
|
dscp | fragment
|
icmpv6-type | logging
|
source
|
source-port
|
time-range
] *
View
Advanced IPv6 ACL view
Default Level
2: System level
Parameters
rule-id
: IPv6 ACL rule number in the range 0 to 65534.
deny
: Defines a deny statement to drop matched packets.
permit
: Defines a permit statement to allow matched packets to pass.
protocol
: Protocol carried on IPv6. It can be a number in the range 0 to 255, or in words,
gre
(47),
icmpv6
(58),
ipv6
,
ipv6-ah
(51),
ipv6-esp
(50),
ospf
(89),
tcp
(6),
udp
(17).
Table 1-9
Match criteria and other rule information for advanced IPv6 ACL rules
Parameters
Function
Description
source
{
source source-prefix |
source/source-prefix
|
any
}
Specifies a source IPv6
address.
The
source
and
source-prefix
arguments specify an IPv6
source address and its prefix
length in the range 1 to 128.
The
any
keyword indicates any
IPv6 source address.