3com S7906E Instruccion De Instalación

 

1-5 

A referenced time range can be one that has not been created yet. The rule, however, can take effect 

only after the time range is defined and comes active.  

Traditional packet filtering performs match operation on, rather than all IP fragments, the first ones only. 

All subsequent non-first fragments are handled in the way the first fragments are handled. This causes 

security risk as attackers may fabricate non-first fragments to attack your network.  

A rule defined with the fragment keyword applies to only IP fragments. Note that a rule defined with the 

fragment keyword matches non-last IP fragments on an SA or EA Series LPUs while matching non-first 

IP fragments on an SC, EB, or SD Series LPUs. For detailed information about types of LPUs, refer to 

the 3Com S7900E Family Getting Started Guide. 

This section covers these topics: 

z 

IPv6 ACL Classification 

z 

z 

z 

z 

Effective Period of an IPv6 ACL 

IPv6 ACLs, identified by ACL numbers, fall into three categories, as show in 

. 

Table 1-2 IPv6 ACL categories 

Basic IPv6 ACL 

2000 to 2999 

Source IPv6 address 

Advanced IPv6 ACL 

3000 to 3999 

Source IPv6 address, destination 
IPv6 address, protocol carried on 
IPv6, and other Layer 3 or Layer 4 
protocol header fields 

 

When creating an IPv6 ACL, you can specify a unique name for it. Afterwards, you can identify the IPv6 

ACL by its name. 

An IPv6 ACL can have only one name. Whether to specify a name for an ACL is up to you. After creating 

an ACL, you cannot specify a name for it, nor can you change or remove the name of the ACL.