AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
rule (basic ACL6 view)

Function

The rule command adds or modifies basic ACL6 rules.

The undo rule command deletes an ACL6 rule.

By default, there is no basic ACL6 rule.

NOTE:

The AR502G-L-D-H, AR502GR-L-D-H, and AR510 series do not support IPv6 ACLs.

Format

rule [ rule-id ] { deny | permit } [ [ fragment | none-first-fragment ] | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any } | logging | time-range time-name ] *

undo rule rule-id [ [ fragment | none-first-fragment ] | source | logging | time-range ] *

Parameters

Parameter: rule-id
Description: Specifies the ID of a rule.
  • If the specified rule ID has been created, the new rule is added to the rule with this ID, that is, the old rule is modified. If the specified rule ID does not exist, the device creates a rule and determines the position of the rule according to the ID.
  • If the rule ID is not specified, the device allocates an ID to the new rule. The rule IDs are sorted in ascending order. The device automatically allocates IDs according to the step. The step value is set by using the step command.
NOTE:

ACL6 rule IDs assigned automatically by the device start from the step value. The default step value is 5. With this step value, the device creates ACL6 rules with IDs 5, 10, 15, and so on.

The specified rule-id is valid only when the config mode is used. When the auto mode is used, the specified rule-id is invalid, and the device automatically assigns rule IDs to the ACL6 rules using the depth first algorithm.

Value: The value is an integer that ranges from 0 to 4294967294.

Parameter: deny
Description: Drops packets that match the rule's conditions.
Value: -

Parameter: permit
Description: Forwards packets that match the rule's conditions.
Value: -

Parameter: logging
Description: Logs the IP information, port number, and protocol type of the packets that match the rule.
NOTE:
Logging takes effect only when the traffic-filter command references the ACL.
Value: -

Parameter: fragment
Description: Indicates that the rule is valid for all fragments.
Value: -

Parameter: none-first-fragment
Description: Indicates that the rule is valid for only non-initial fragments.
NOTE:
Rules that contain neither the fragment nor the none-first-fragment parameter are valid for all packets.
Value: -

Parameter: source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length }
Description: Indicates the source address and prefix of a packet.
Value: source-ipv6-address indicates the source address and is expressed in hexadecimal notation. prefix-length is an integer that ranges from 1 to 128.

Parameter: any
Description: Indicates any source address.
Value: -

Parameter: time-range time-name
Description: Indicates that the configured ACL6 rule is effective only in the specified time range. time-name indicates the name of the time range during which the ACL6 rule takes effect.
NOTE:

When you specify the time-range parameter to reference a time range in the ACL6, if the specified time-name does not exist, the ACL6 does not take effect.

Value: The value of time-name is a string of 1 to 32 characters.
Views

Basic ACL6 view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A basic ACL6 matches packets based on information such as source IP addresses, fragment flags, and time ranges.

Prerequisites

An ACL6 has been created before the rule is configured.

Precautions

If the specified rule ID already exists and the new rule conflicts with the original rule, the new rule replaces the original rule.

To modify an existing rule, delete the old rule, and then create a new rule. Otherwise, the configuration result may be incorrect.

When you use the undo rule command to delete an ACL6 rule, the rule ID must exist. If the rule ID is unknown, you can use the display acl ipv6 command to view the rule ID.

The undo rule command deletes an ACL6 rule even if the ACL6 rule is referenced. Exercise caution when you run the undo rule command.

Example

# Add a rule to ACL6 2000 that denies packets from the source fc00:1::1/64.

<Huawei> system-view
[Huawei] acl ipv6 2000
[Huawei-acl6-basic-2000] rule deny source fc00:1::1/64
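
The following Python model is an added example, not Huawei code. It illustrates the rule-id behaviour described under Parameters and Precautions (automatic IDs from the step, replacement of an existing ID) and reports rules that can never match. It assumes that the automatic ID is the next multiple of the step above the highest existing ID and that rules are checked in ascending ID order with the first match deciding; the class and function names are hypothetical.

```python
import ipaddress

class BasicAcl6:
    """Toy model of a basic ACL6 in config mode (added illustration, not device code)."""

    def __init__(self, step=5):              # 5 is the default step on the page
        self.step = step
        self.rules = {}                      # rule-id -> (action, source network)

    def rule(self, action, source="any", rule_id=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if rule_id is None:
            # Assumption: the automatic ID is the next multiple of the step above
            # the highest existing ID, so the first one is the step itself.
            rule_id = (max(self.rules, default=0) // self.step + 1) * self.step
        if not 0 <= rule_id <= 4294967294:
            raise ValueError("rule-id out of range")
        # strict=False accepts host bits in the prefix, as in fc00:1::1/64.
        net = ipaddress.IPv6Network("::/0" if source == "any" else source, strict=False)
        if source != "any" and net.prefixlen < 1:
            raise ValueError("prefix-length must be 1 to 128")
        self.rules[rule_id] = (action, net)  # an existing ID is replaced
        return rule_id

    def match(self, src):
        # Assumption: rules are checked in ascending ID order and the first hit decides.
        addr = ipaddress.IPv6Address(src)
        for rid in sorted(self.rules):
            action, net = self.rules[rid]
            if addr in net:
                return rid, action
        return None, None                    # no rule matched

    def shadowed(self):
        # A rule is unreachable when a lower-ID rule covers its whole source prefix.
        ids = sorted(self.rules)
        return [(rid, low) for i, rid in enumerate(ids) for low in ids[:i]
                if self.rules[rid][1].subnet_of(self.rules[low][1])]

def build_sample():
    # Constructed sample rules; only the first comes from the page's example.
    acl = BasicAcl6()
    acl.rule("deny", "fc00:1::1/64")         # the page's example, gets ID 5
    acl.rule("permit", "fc00::/16", rule_id=12)
    acl.rule("deny", "fc00:2::/64")          # gets ID 15, hidden behind rule 12
    acl.rule("permit", "any")                # gets ID 20
    return acl
```
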
Updated: 2019-05-29

Document ID: EDOC1000097293
