Configuring an IPv6 advanced ACL

IPv6 advanced ACLs match packets based on the source IPv6 addresses, destination IPv6 addresses, packet priorities, protocols carried over IPv6, and other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination port number, ICMPv6 message type, and ICMPv6 message code.

Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.

To configure an IPv6 advanced ACL:

Step 1: Enter system view.
    Command: system-view
    Remarks: N/A

Step 2: Create an IPv6 advanced ACL and enter its view.
    Command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
    Remarks: By default, no ACL exists.
             IPv6 advanced ACLs are numbered in the range of 3000 to 3999.
             You can use the acl ipv6 name acl6-name command to enter the view of a named ACL.

Step 3: Configure a description for the IPv6 advanced ACL.
    Command: description text
    Remarks: Optional.
             By default, an IPv6 advanced ACL has no description.

Step 4: Set the rule numbering step.
    Command: step step-value
    Remarks: Optional.
             The default setting is 5.

Step 5: Create or edit a rule.
    Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] *
    Remarks: By default, an IPv6 advanced ACL does not include any rules.
             Support for the counting keyword depends on the device model.
             The logging keyword takes effect only when the module using the ACL supports logging.

Step 6: Add or edit a rule comment.
    Command: rule rule-id comment text
    Remarks: Optional.
             By default, no rule comments are configured.

Step 7: Add or edit a rule range remark.
    Command: rule [ rule-id ] remark text
    Remarks: Optional.
             By default, no rule range remarks are configured.
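The procedure above carried through for one inbound server-segment filter, as an added example that is not part of the original page. Addresses (2001:db8::/32 documentation prefixes), the ACL number and name, and the policy itself are constructed; the protocol keywords (tcp, udp, icmpv6, ipv6) and the eq port operator are assumed to be accepted by the device, since the page shows only the protocol and operator placeholders. Explicit rule IDs are given so that the comment and remark commands can refer to them without relying on automatic numbering; with match-order config the rules are matched in ascending rule-ID order, so the catch-all deny must carry the highest ID.

```text
system-view
acl ipv6 number 3000 name srv-in match-order config
 description Inbound filter for server segment 2001:db8:1::/64 (constructed example)
 step 10
 rule 0 permit tcp source any destination 2001:db8:1::/64 established
 rule 0 comment Return traffic of TCP sessions initiated from the server segment
 rule 10 permit tcp source any destination 2001:db8:1::10/128 destination-port eq 443 counting
 rule 10 comment HTTPS to the web server only; counting shows how often it is hit
 rule 20 permit udp source 2001:db8:2::/64 destination 2001:db8:1::53/128 destination-port eq 53
 rule 20 comment DNS to the resolver from the internal client prefix only
 rule 30 permit icmpv6 source any destination any icmp6-type 135 0
 rule 40 permit icmpv6 source any destination any icmp6-type 136 0
 rule 30 comment Neighbor Solicitation (type 135) - required for neighbor discovery
 rule 40 comment Neighbor Advertisement (type 136) - required for neighbor discovery
 rule 50 deny ipv6 source any destination any fragment logging
 rule 50 comment Non-initial fragments cannot be port-matched; drop and log them
 rule 60 deny ipv6 source any destination any logging
 rule 60 comment Explicit final deny; logged matches feed detection
 rule 0 remark --- server inbound policy (rules 0-60) ---
 quit
```

Because the ACL only matches packets once it is applied by a module (packet filter, QoS, and so on), the logging and counting keywords produce no records until that binding exists, as the Remarks for step 5 note for logging.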