3com S7906E Guide De Référence

 

1-31 

z 

You will fail to create or modify a rule if its permit/deny statement is exactly the same as another 

rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL 

rules.  

z 

When defining ACL rules, you need not assign them IDs. The system can automatically assign rule 

IDs, starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is 

greater than the current highest rule ID. For example, if the rule numbering step is 5 and the current 

highest rule ID is 28, the next rule will be numbered 30.  

z 

You may use the display acl ipv6 command to verify rules configured in an IPv6 ACL. If the match 

order for this IPv6 ACL is auto, rules are displayed in the depth-first match order rather than by rule 

number.  

 

For an advanced IPv6 ACL to be referenced by a QoS policy for traffic classification: 

z 

The logging and fragment keywords are not supported. 

z 

The operator cannot be neq if the ACL is for the inbound traffic. 

z 

The operator cannot be gt, lt, neq, or range if the ACL is for the outbound traffic. 

 

# Create a rule in IPv6 ACL 3000 to permit the TCP packets with the source address 

2030:5060::9050/64 to pass.  

<Sysname> system-view 

[Sysname] acl ipv6 number 3000 

[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64 

rule rule-id comment text 

undo rule rule-id comment 

Basic IPv6 ACL view, advanced IPv6 ACL view 

2: System level 

rule-id: IPv6 ACL rule number in the range 0 to 65534.  

text: IPv6 ACL rule description, a case-sensitive string of 1 to 127 characters.  

Use the rule comment command to create a rule description for an existing ACL rule or modify the rule 

description of an ACL rule to, for example, describe the purpose of the ACL rule or its attributes.