3com S7906E インストール手順
3-4
Note that:
z
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
z
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
z
When the ACL match order is auto, a newly created rule will be inserted among the existing rules in
the depth-first match order. Note that the IDs of the rules still remain the same.
z
You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name
acl6-name ] match-order { auto | config } command but only when it does not contain any rules.
z
The rule specified in the rule comment command must have existed.
Configuration Examples
# Create IPv6 ACL 3000 to permit the TCP packets with the source address 2030:5060::9050/64 to
pass.
<Sysname> system-view
[Sysname] acl ipv6 number 3000
[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64
# Verify the configuration.
[Sysname-acl6-adv-3000] display acl ipv6 3000
Advanced IPv6 ACL 3000, named -none-, 1 rule,
ACL's step is 5
rule 0 permit tcp source 2030:5060::9050/64
Copying an IPv6 ACL
This feature allows you to copy an existent IPv6 ACL to generate a new one, which is of the same type
and has the same match order, match rules, rule numbering step and descriptions as the source IPv6
ACL.
Configuration Prerequisites
Make sure that the source IPv4 ACL exists while the destination IPv4 ACL does not.
Configuration Procedure
Follow these steps to copy an IPv6 ACL:
To do…
Use the command…
Remarks
Enter system view
system-view
—