H3C LS-3100-52P-OVS-H3 Operation Manual - Ipv6 Acl Configuration
3-1
3
IPv6 ACL Configuration
When configuring IPv6 ACLs, go to these sections for information you are interested in:
z
Creating a Time Range
z
Configuring a Basic IPv6 ACL
z
Configuring an Advanced IPv6 ACL
z
Copying an IPv6 ACL
z
Displaying and Maintaining IPv6 ACLs
z
IPv6 ACL Configuration Example
Creating a Time Range
Refer to
Creating a Time Range
.
Configuring a Basic IPv6 ACL
Basic IPv6 ACLs match packets based on only source IPv6 address. They are numbered in the range
2000 to 2999.
Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command first.
Configuration Procedure
Follow these steps to configure an IPv6 ACL:
To do…
Use the command…
Remarks
Enter system view
system-view
––
Create a basic IPv6
ACL view and enter its
view
acl ipv6 number
acl6-number [ name
acl6-name ][ match-order
{ auto | config } ]
Required
The default match order is config.
If you specify a name for an IPv6 ACL
when creating the ACL, you can use the
acl ipv6 name acl6-name command to
enter the view of the ACL later.
Create or modify a rule
rule [ rule-id ] { deny |
permit } [ fragment |
logging | source
{ ipv6-address prefix-length |
ipv6-address/prefix-length|
any } | time-range
time-range-name ] *
Required
To create or modify multiple rules, repeat
this step.
Note that the logging and fragment
keywords are not supported if the ACL is
to be referenced by a QoS policy for traffic
classification.
Set the rule numbering
step
step step-value
Optional
5 by default