2112 CHAPTER 139: IPV6 ACL CONFIGURATION COMMANDS

Table 554 Available ICMPv6 messages

ICMPv6 message

Type

Code

 

 

 

neighbor-advertisement

136

0

neighbor-solicitation

135

0

network-unreachable

1

0

packet-too-big

2

0

port-unreachable

1

4

router-advertisement

134

0

router-solicitation

133

0

unknown-ipv6-opt

4

2

unknown-next-hdr

4

1

 

 

 

Description Use the rule command to create an IPv6 ACL rule or modify the rule if it has existed.

Use the undo rule command to remove an IPv6 ACL rule or parameters from the rule.

With the undo rule command, if no parameters are specified, the entire ACL rule is removed; if other parameters are specified, only the involved information is removed.

You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.

When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs, starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30. For detailed information about step, refer to “step (for IPv4)” on page 2100 and “step (for IPv6)” on page 2116.

You may use the display acl ipv6 command to verify rules configured in an IPv6 ACL. If the match order for this IPv6 ACL is auto, rules are displayed in the depth-first match order rather than by rule number.

Example # Create a rule in IPv6 ACL 3000 to permit the TCP packets with the source address 2030:5060::9050/64 to pass.

<Sysname> system-view

[Sysname] acl ipv6 number 3000

[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64

rule (in simple IPv6 ACL view)

Syntax rule protocol [ addr-flagaddr-flag destination { dest dest-prefix dest/dest-prefix any } destination-portoperator port1 [ port2 ] dscp dscp frag-type{ fragment fragment-subseqnon-fragmentnon-subseq} icmpv6-type{ icmpv6-type icmpv6-code icmpv6-message } source { source source-prefix source/source-prefix

Page 2112
Image 2112
3Com MSR 30, MSR 50 manual Rule in simple IPv6 ACL view