Support User Manuals

3Com MSR 50 Network Router User Manual

Open as PDF

of 2742

2112 CHAPTER 139: IPV6 ACL CONFIGURATION COMMANDS

Description Use the rule command to create an IPv6 ACL rule or modify the rule if it has

existed.

Use the

undo rule command to remove an IPv6 ACL rule or parameters from the

rule.

With the undo rule command, if no parameters are specified, the entire ACL rule

is removed; if other parameters are specified, only the involved information is

removed.

You will fail to create or modify a rule if its permit/deny statement is exactly the

same as another rule. In addition, if the ACL match order is set to auto rather than

config, you cannot modify ACL rules.

When defining ACL rules, you need not assign them IDs. The system can

automatically assign rule IDs, starting with 0 and increasing in certain rule

numbering steps. A rule ID thus assigned is greater than the current highest rule

ID. For example, if the rule numbering step is 5 and the current highest rule ID is

28, the next rule will be numbered 30. For detailed information about step, refer

to “step (for IPv4)” on page 2100 and “step (for IPv6)” on page 2116.

You may use the display acl ipv6 command to verify rules configured in an IPv6

ACL. If the match order for this IPv6 ACL is auto, rules are displayed in the

depth-first match order rather than by rule number.

Example # Create a rule in IPv6 ACL 3000 to permit the TCP packets with the source

address 2030:5060::9050/64 to pass.

<Sysname> system-view

[Sysname] acl ipv6 number 3000

[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64

rule (in simple IPv6 ACL view)

Syntax rule protocol [ addr-flag addr-flag | destination { dest dest-prefix | dest/dest-prefix |

any } | destination-port operator port1 [ port2 ] | dscp dscp | frag-type { fragment |

fragment-subseq | non-fragment | non-subseq } | icmpv6-type { icmpv6-type

icmpv6-code | icmpv6-message } | source { source source-prefix | source/source-prefix |

neighbor-advertisement 136 0

neighbor-solicitation 135 0

network-unreachable 1 0

packet-too-big 2 0

port-unreachable 1 4

router-advertisement 134 0

router-solicitation 133 0

unknown-ipv6-opt 4 2

unknown-next-hdr 4 1

Table 554 Available ICMPv6 messages

ICMPv6 message Type Code

previous next