Configure IPv6 Standard ACL
IPv6 standard ACL makes the classification rules according to the source IPv6 address to filter the packets.
Configuration Condition
None
Configure IPv6 Standard ACL
IP standard ACL name can use the numbers, and also can use the customized character string. When using the numbers, you can configure the maximum number of the ACLs. When adopting the customized character string, there is no limitation for the maximum quantity of ACL. The user can select the ACL name as desired.
Table 15-12 Configure the IPv6 standard ACL
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode
|
configure terminal
|
-
|
|
Configure the IPv6 standard ACL
|
ipv6 access-list standard { access-list-number | access-list-name }
|
Mandatory
By default, the IPv6 standard ACL is not configured.
|
|
Configure the permit rule of ACL
|
[ sequence ] permit { any | source-addr/source-wildcard | host source-addr } [ time-range time-range-name ] [ pbr-action-group pbr-action-group-name ] [ l3-action-group l3-action-group-name ] [ egr-action-group egr-action-group-name ]
|
Optional
By default, the ACL permit rule is not configured.
|
|
Configure the refuse rule of ACL
|
[ sequence ] deny { any | source-addr/source-wildcard | host source-addr } [ time-range time-range-name ] [ l3-action-group l3-action-group-name ] [ egr-action-group egr-action-group-name ] [ pbr-action-group pbr-action-group-name ]
|
Optional
By default, do not configure the ACL refuse rule.
|
|
Configure the ACL remarks
|
[ sequence ] remark comment
|
Optional
By default, do not configure the ACL rule remarks.
|
-
When using the ipv6 access-list standard command to create the IPv6 standard ACL, the ACL can be created only after configuring the rules in the IPv6 standard ACL configuration mode.
- Sequence means the order number of the rule in the ACL. ACL matches and filters the packet strictly according to the order from small sequence to large sequence. The rule with the small sequence first takes effect. When all rules do not match, execute the default drop action, that is, all the packets not permitted to pass are dropped.
Configure the IPv6 Standard ACL Named by Numbers
The IPv6 standard ACL named by numbers can let the user identify the type of the ACL quickly. However, the IPv6 standard ACL named by numbers has some limitations. For example, the ACL quantity is limited.
Table 15-13 Configure the IPv6 standard ACL named by numbers
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode
|
configure terminal
|
-
|
|
Configure the IPv6 standard ACL named by numbers
|
access-list access-list-number { permit | deny } { any | source-addr/source-wildcard | host source-addr } [ time-range time-range-name ] [ l3-action-group l3-action-group-name ] [ egr-action-group egr-action-group-name ] [ pbr-action-group pbr-action-group-name ]
|
Mandatory
By default, the IPv6 standard ACL named by numbers is not configured.
The sequence range of the IPv6 standard ACL is 6001-7000.
|
|
Configure the remarks of the IPv6 standard ACL named by numbers
|
access-list access-list-number remark comment
|
Optional
By default, the remarks of the IPv6 standard ACL named by numbers are not configured.
|
-
If the ACL with the specified sequence does not exist, create one new ACL and add new rules. If the ACL with the specified number exists, just add new rules.
Switch
.png){kind=icon}
.png){kind=logo}
