Configuring a Basic ACL6 Rule
Context
A basic ACL6 classifies packets by matching packet information against its rules. After a basic ACL6 is created, configure rules in the ACL6.
When the device receives a packet, it matches the packet against ACL rules one by one based on the configuration order. Once the packet matches a rule in an ACL rule group, the device stops the matching process and performs the action specified in the matching rule on the packet.
Procedure
- Run system-view
The system view is displayed.
- Run acl ipv6 { [ number ] acl6-number | name acl6-name basic }
A basic ACL6 is created, and the basic ACL6 view is displayed.
The parameter acl6-number specifies the number of a basic ACL6. The value ranges from 2000 to 2999.
By default, no ACL6 is created.
- Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address { prefix-length | source-wildcard } | source-ipv6-address/prefix-length | any } | time-range time-name | vpn-instance vpn-instance-name ] *
Rules for the basic ACL6 are configured.
When you configure a basic ACL6:
  - If any is specified as the source in Step 3 (that is, all source IPv6 addresses are specified), the system does not check packets' source IPv6 addresses.
  - If you specify the parameter time-range to reference a time range in the ACL6, the ACL6 does not take effect if the specified time-name does not exist.
- (Optional) Run rule rule-id description description
The description of a basic ACL6 rule is configured.
By default, no description is configured for an ACL6 rule.
You are not allowed to configure the description for a rule that has not been created.
- Run commit
The configuration is committed.
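Because matching stops at the first rule that matches, a broad rule configured ahead of a narrower one makes the narrower rule unreachable. The following added example (not vendor code) models that first-match behavior for the source forms of the rule syntax in Step 3 and reports such shadowed rules. It assumes the rules are listed in configuration order and that a rule with no source option matches any source; the function names and sample rules are constructed for illustration.

```python
import ipaddress

# Constructed sample, in the rule syntax from Step 3 (documentation prefixes).
SAMPLE = """\
rule 5 permit source 2001:db8::/32
rule 10 deny source 2001:db8:bad::/48
rule 15 deny source any
"""

ANY = ipaddress.ip_network("::/0")

def parse_rules(text):
    """Return [(rule_id, action, source_network)] in the order listed."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "rule":
            continue
        tok = tok[1:]
        rule_id = int(tok.pop(0)) if tok and tok[0].isdigit() else None
        if tok and tok[0] == "name":
            tok = tok[2:]                      # skip "name rule-name"
        action, opts = tok[0], tok[1:]
        if action not in ("deny", "permit"):
            raise ValueError(f"bad action in: {line!r}")
        net = ANY                              # assumption: no source option = any source
        if opts:
            if opts[0] != "source" or len(opts) not in (2, 3):
                raise ValueError(f"unsupported option in: {line!r}")
            if opts[1] != "any":               # "addr/len" or "addr len"; wildcard form is rejected
                net = ipaddress.ip_network("/".join(opts[1:]), strict=False)
        rules.append((rule_id, action, net))
    return rules

def first_match(rules, src):
    """(rule_id, action) of the first rule covering src; None if no rule matches."""
    addr = ipaddress.ip_address(src)
    for rule_id, action, net in rules:
        if addr in net:
            return rule_id, action             # matching stops at the first hit
    return None

def shadowed(rules):
    """(rule_id, earlier_rule_id) pairs where an earlier rule covers the whole source."""
    out = []
    for j, (rid_j, _, net_j) in enumerate(rules):
        for rid_i, _, net_i in rules[:j]:
            if net_j.subnet_of(net_i):
                out.append((rid_j, rid_i))
                break
    return out
```

With the sample rules, the deny in rule 10 never takes effect because rule 5 already permits the enclosing /32; placing the narrower deny first restores the intended behavior.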