Creating a Basic IPv6 ACL

Procedure

1. Access the system view.

   system-view

2. Create a basic IPv6 ACL and access the basic IPv6 ACL view.

   acl ipv6 [ number ] ipv6-acl-number [ vpn-instance vpn-instance-name ]

   acl-number determines the type of an IPv6 ACL. The basic IPv6 ACL number ranges from 2000 to 2999.

3. Optional: Set a step for the IPv6 ACL.

   step step

   The default step is 5.

   After you set a step for the ACL, the system can automatically assign rule IDs if you do not specify the rule IDs. The automatically assigned rule IDs are multiple of the step in ascending order. The step allows you to insert rules between two rules.

   You can set a step for an ACL only when no rule is configured for the ACL. After you configure an ACL rule, you cannot change the step.

4. Configure an IPv6 ACL rule.

   rule [ rule-id ] { permit | deny } [ logging | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any } | time-range time-name ] ^*

   When you configure an IPv6 ACL rule, note the following points:

   • If rule-id is not specified during the configuration, a new rule is added. In this case, the system automatically assigns a minimum number that is larger than the maximum number of the existing rule, to the new rule according to the step. For example, if the maximum number of the existing rule is 21 and the step is 5, the system assigns number 26 to the new rule.
   • If rule-id is specified and the related rule with the same ID exists, the existing rule is edited. If no related rule with the same ID exists, a new rule is added and inserted to the corresponding position according to its rule-id.
   • A new or modified rule should be different from any existing one; otherwise, the creation or modification fails and the system prompts you that the rule already exists.

   Parameter logging specifies that matched packets are logged.