Configuring a simple ACL

Simple ACLs can filter packets based on criteria available with IPv6 advanced ACLs, including source and destination IPv6 addresses, protocols over IPv6, packet priorities, and other protocol header information such as TCP/UDP source and destination port numbers, ICMPv6 message types, and ICMPv6 message codes.

Simple ACLs can also match on source-destination IPv6 address combinations, additional TCP flags, and fragmentation flags, which provides more granular traffic matching than IPv6 advanced ACLs.

To configure a simple ACL:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create a simple ACL and enter its view.
    Command: acl ipv6 number acl6-number
    Remarks: By default, no ACL exists. Simple ACLs are numbered in the range of 10000 to 42767.

Step 3. Configure a description for the simple ACL.
    Command: description text
    Remarks: Optional. By default, a simple ACL has no ACL description.

Step 4. Create or edit a rule.
    Command: rule protocol [ addr-flag addr-flag | destination { dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | frag-type { fragment | fragment-subseq | non-fragment | non-subseq } | icmp6-type { icmp6-type icmp6-code | icmp6-message } | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | tcp-type { tcpurg | tcpack | tcppsh | tcprst | tcpsyn | tcpfin } ] *
    Remarks: By default, a simple ACL does not include any rule. Only one rule can be defined in a simple ACL.
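The following pre-deployment check is an added example, not part of the original documentation or the vendor's tooling. It lints a candidate command list against the constraints stated in the steps above: the 10000 to 42767 number range, the one-rule limit, and the frag-type and tcp-type keywords. It assumes the input contains only simple ACL configuration; the function name, the sample commands, and the `tcp`/`udp` protocol names and `eq` operator used in the sample are assumptions not taken from this page.

```python
import re

# Limits and keyword sets taken from the configuration steps above.
SIMPLE_ACL_RANGE = range(10000, 42768)
KEYWORDS = {
    "frag-type": {"fragment", "fragment-subseq", "non-fragment", "non-subseq"},
    "tcp-type": {"tcpurg", "tcpack", "tcppsh", "tcprst", "tcpsyn", "tcpfin"},
}

def lint_simple_acls(config: str) -> list[str]:
    """Return findings for a command list meant to configure simple IPv6 ACLs."""
    findings, acl, rules = [], None, 0
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = re.fullmatch(r"acl ipv6 number (\d+)", line)
        if m:
            acl, rules = int(m.group(1)), 0
            if acl not in SIMPLE_ACL_RANGE:
                findings.append(f"line {lineno}: ACL {acl} is outside 10000-42767")
                acl = None  # not a simple ACL number; ignore its rules
            continue
        if acl is None or not line.startswith("rule "):
            continue
        rules += 1
        if rules > 1:
            findings.append(f"line {lineno}: ACL {acl} already has a rule; only one is allowed")
        tokens = line.split()
        for key, allowed in KEYWORDS.items():
            for i, tok in enumerate(tokens):
                if tok == key:
                    value = tokens[i + 1] if i + 1 < len(tokens) else "<missing>"
                    if value not in allowed:
                        findings.append(f"line {lineno}: {key} value {value!r} is not valid")
    return findings

# Constructed sample input; addresses use the 2001:db8::/32 documentation prefix.
SAMPLE = """\
system-view
acl ipv6 number 10000
description Match new SSH sessions to the management subnet
rule tcp source any destination 2001:db8:10::/64 destination-port eq 22 tcp-type tcpsyn
rule tcp source any destination 2001:db8:10::/64 destination-port eq 23 tcp-type syn
acl ipv6 number 50000
rule udp source any destination any
"""

if __name__ == "__main__":
    for finding in lint_simple_acls(SAMPLE):
        print(finding)
```

An empty result means the candidate commands stay within the limits listed in the steps; it does not validate addresses, ports, or other arguments.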