acl ipv6 number

Function

The acl ipv6 number command creates an ACL6 and displays the ACL6 view. If the ACL6 already exists, this command directly displays the ACL6 view.

The undo acl ipv6 number command deletes a created ACL6.

By default, no ACL6 is created.

Format

acl ipv6 [ number ] interface-based-acl6-number [ match-order { config | auto } ]

acl ipv6 [ number ] basic-acl6-number [ match-order { config | auto } ]

acl ipv6 [ number ] advance-acl6-number [ match-order { config | auto } ]

acl ipv6 [ number ] ucl-acl6-number [ match-order { auto | config } ]

undo acl ipv6 [ number ] basic-acl6-number

undo acl ipv6 [ number ] advance-acl6-number

undo acl ipv6 [ number ] interface-based-acl6-number

undo acl ipv6 all

undo acl ipv6 [ number ] ucl-acl6-number

Parameters

Parameter Description Value
interface-based-acl6-number

Creates an interface-based ACL6 with a number.

The value is an integer ranging from 1000 to 1999.
match-order

Indicates the order in which advanced ACL6 rules are matched.

-
config

Indicates the configuration order, meaning that ACL6 rules are matched in the order they are configured.

This mechanism applies only when rule numbers are not specified. If rule numbers are specified, the ACL6 rules are matched based on the numbers in ascending order.

-
auto
Indicates the automatic order, meaning that ACL6 rules are matched based on the depth-first principle.
  • The depth-first principle matches ACL6 rules based on how precise the rules are. The more matching criteria an ACL6 rule contains, the more precise the rule is.
  • If two rules have the same precision, they are matched in the order they are configured.

-
basic-acl6-number

Creates a basic ACL6 with a number.

The value is an integer ranging from 2000 to 2999.
advance-acl6-number

Creates an advanced ACL6 with a number.

The value is an integer ranging from 3000 to 3999.
ucl-acl6-number

Creates a user ACL6 with a number.

The value is an integer ranging from 6000 to 9999.
all

Deletes all ACL6s.

-

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
acl write

Usage Guidelines

Usage Scenario

To create an ACL6, run the acl ipv6 command.

  • An interface-based ACL6 defines rules for filtering packets based on the inbound interfaces of packets.
  • A basic ACL6 defines rules for filtering packets based on the source IP addresses of packets.
  • Advanced ACL6s match packets based on the source IP address, destination IP address, IP protocol type, and protocol-specific configurations (for example, source and destination TCP ports and ICMPv6 protocol type and code) of the packets.
  • User ACL6s match packets based on the source/destination IPv6 address, source/destination service group, source/destination user group, source/destination port number, and protocol type.

Configuration Impact

The undo acl ipv6 all command deletes all types of ACL6s on a device. If the ACL6s being deleted are applied to services, these services are interrupted. Before deleting an ACL6, ensure that the ACL6 is not referenced by services.

Follow-up Procedure

After you create an ACL6, the ACL6 view is displayed.

Deleting an ACL referenced by a service may interrupt this service. Before deleting an ACL, check whether the ACL is referenced by any service.

Example

# Create a interface-based ACL6 numbered 1999.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 number 1999
# Create a user ACL6 numbered 6999.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 number 6999
# Create an advanced ACL6 numbered 3999.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 number 3999
# Create a basic ACL6 numbered 2999.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 number 2999
Parent Topic: ACL6 Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >