3Com S7906E Reference Guide
• You will fail to create or modify a rule if its permit/deny statement is exactly the same as that of another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
• When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs, starting with 0 and increasing by the rule numbering step. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
• You may use the display acl ipv6 command to verify rules configured in an IPv6 ACL. If the match order for this IPv6 ACL is auto, rules are displayed in the depth-first match order rather than by rule number.
For an advanced IPv6 ACL to be referenced by a QoS policy for traffic classification:
• The logging and fragment keywords are not supported.
• The operator cannot be neq if the ACL is for the inbound traffic.
• The operator cannot be gt, lt, neq, or range if the ACL is for the outbound traffic.
Examples
# Create a rule in IPv6 ACL 3000 to permit the TCP packets with the source address
2030:5060::9050/64 to pass.
<Sysname> system-view
[Sysname] acl ipv6 number 3000
[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64
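The QoS restrictions and the rule numbering described above can be checked offline before an ACL is referenced by a policy. The following Python script is an added example, not part of the 3Com manual; it assumes that port operators follow a `source-port` or `destination-port` keyword and that an auto-assigned ID is the next multiple of the step above the highest existing ID, and its sample rules are constructed.

```python
import re

# Constraints stated in the usage guidelines above, keyed by traffic direction.
FORBIDDEN_KEYWORDS = {"logging", "fragment"}
FORBIDDEN_OPERATORS = {
    "inbound": {"neq"},
    "outbound": {"gt", "lt", "neq", "range"},
}
# Assumption: a port operator directly follows source-port / destination-port.
PORT_OPERATOR = re.compile(r"\b(source-port|destination-port)\s+(\S+)")


def next_rule_id(current_ids, step=5):
    """Next auto-assigned ID (assumed: smallest multiple of step above the highest ID)."""
    if not current_ids:
        return 0
    return (max(current_ids) // step + 1) * step


def lint_rule(rule, direction):
    """Return the reasons this rule cannot be used for QoS traffic classification."""
    problems = []
    for kw in sorted(FORBIDDEN_KEYWORDS & set(rule.split())):
        problems.append(f"keyword '{kw}' is not supported")
    for port_kw, op in PORT_OPERATOR.findall(rule):
        if op in FORBIDDEN_OPERATORS[direction]:
            problems.append(f"{port_kw} operator '{op}' not allowed for {direction} traffic")
    return problems


def lint_acl(rules, direction):
    """Map each offending rule line to its problems; compliant rules are omitted."""
    checked = {r: lint_rule(r, direction) for r in rules}
    return {r: p for r, p in checked.items() if p}


# Constructed sample rules; only the first one appears in the manual.
SAMPLE_RULES = [
    "rule permit tcp source 2030:5060::9050/64",
    "rule deny tcp destination-port neq 80",
    "rule permit udp source-port range 1024 2048",
    "rule deny ipv6 fragment logging",
]

if __name__ == "__main__":
    for direction in ("inbound", "outbound"):
        print(direction, lint_acl(SAMPLE_RULES, direction))
    print(next_rule_id([0, 5, 28]))
```

Running the check against the direction the QoS policy will be applied in shows which rules must be rewritten before the ACL is used for classification.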
rule comment (for IPv6)
Syntax
rule rule-id comment text
undo rule rule-id comment
View
Basic IPv6 ACL view, advanced IPv6 ACL view
Default Level
2: System level
Parameters
rule-id: IPv6 ACL rule number in the range 0 to 65534.
text: IPv6 ACL rule description, a case-sensitive string of 1 to 127 characters.
Description
Use the rule comment command to create a rule description for an existing ACL rule or modify the rule
description of an ACL rule to, for example, describe the purpose of the ACL rule or its attributes.