3Com S7902E Command Reference Manual - page 1955
• You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
• When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs, starting with 0 and increasing by the rule numbering step. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
• You may use the display acl ipv6 command to verify rules configured in an IPv6 ACL. If the match order for this IPv6 ACL is auto, rules are displayed in the depth-first match order rather than by rule number.
For an advanced IPv6 ACL to be referenced by a QoS policy for traffic classification:
• The logging and fragment keywords are not supported.
• The operator cannot be neq if the ACL is for the inbound traffic.
• The operator cannot be gt, lt, neq, or range if the ACL is for the outbound traffic.
Examples
# Create a rule in IPv6 ACL 3000 to permit the TCP packets with the source address
2030:5060::9050/64 to pass.
[Sysname] acl ipv6 number 3000
[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64
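Added example (not part of the 3Com manual): a Python pre-check that tests rule lines against the QoS-policy constraints listed above before the ACL is referenced for traffic classification, and computes the rule ID the automatic numbering described above would assign. The source-port and destination-port keywords that precede an operator are assumed from the rule syntax, which this page does not show; the second and third sample rules are constructed.

```python
# Added example, not 3Com code. Checks rule lines against this page's QoS constraints.
UNSUPPORTED_KEYWORDS = {"logging", "fragment"}
FORBIDDEN_OPERATORS = {"inbound": {"neq"}, "outbound": {"gt", "lt", "neq", "range"}}
# Assumption: an operator follows one of these keywords (syntax not shown on this page).
PORT_KEYWORDS = {"source-port", "destination-port"}


def qos_violations(rule_line, direction):
    """Return the reasons a rule cannot be used in a QoS-referenced advanced IPv6 ACL."""
    if direction not in FORBIDDEN_OPERATORS:
        raise ValueError("direction must be 'inbound' or 'outbound'")
    tokens = rule_line.split()
    problems = []
    for i, tok in enumerate(tokens):
        if tok in UNSUPPORTED_KEYWORDS:
            problems.append(f"keyword '{tok}' is not supported")
        elif tok in PORT_KEYWORDS and i + 1 < len(tokens):
            op = tokens[i + 1]
            if op in FORBIDDEN_OPERATORS[direction]:
                problems.append(f"operator '{op}' after {tok} is not allowed {direction}")
    return problems


def next_rule_id(existing_ids, step):
    """ID the system would auto-assign: the next multiple of step above the highest ID."""
    if step < 1:
        raise ValueError("step must be a positive integer")
    if not existing_ids:
        return 0  # numbering starts with 0
    return (max(existing_ids) // step + 1) * step


# Sample rules: the first is this page's example, the other two are constructed.
SAMPLE_RULES = [
    "rule permit tcp source 2030:5060::9050/64",
    "rule permit tcp destination-port gt 1023 logging",
    "rule deny udp source-port neq 53",
]

if __name__ == "__main__":
    for direction in ("inbound", "outbound"):
        for rule in SAMPLE_RULES:
            print(direction, "|", rule, "|", qos_violations(rule, direction) or "ok")
    print("next auto-assigned rule ID:", next_rule_id([0, 5, 28], step=5))
```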
rule comment (for IPv6)
Syntax
rule rule-id comment text
undo rule rule-id comment
View
Basic IPv6 ACL view, advanced IPv6 ACL view
Default Level
2: System level
Parameters
rule-id: IPv6 ACL rule number in the range 0 to 65534.
text: IPv6 ACL rule description, a case-sensitive string of 1 to 127 characters.
Description
Use the rule comment command to create or modify the description of an existing ACL rule, for example to describe the purpose of the ACL rule or its attributes.