undo rule (UCL6 view)

Function

The undo rule command deletes an ACL6 rule or certain configuration information.

By default, no user ACL6 rule has been created.

Format

undo rule rule-id { destination | destination-port | dscp | icmp6-type | logging | precedence | source | source-port | time-range | tos | traffic-class | fragment } *

Parameters

Parameter Description Value
destination

Matches packets based on destination IP addresses.

-
destination-port

Specify destination port.

-
dscp

Matches packets based on the 6-bit DSCP field in an IPv4 packet as defined in standard protocols.

-
icmp6-type

Matches ICMP packets based on the ICMP type and message code.

-
logging

Logs matching packets.

-
precedence

Matches packets based on the high-order 3-bit ToS field in an IP packet as defined in standard protocols.

-
source

Matches packets based on source IP addresses.

-
source-port

Specify source port.

-
time-range

Specifies a time range during which an ACL rule takes effect.

-
tos

Matches packets based on the 4-bit ToS field in an IPv4 packet as defined in standard protocols.

-
traffic-class

Matches packets based on a traffic type.

-
fragment

Checks fragmented packets.

-
undo

Cancel current setting.

-
rule rule-id

Specifies the ID of a user ACL6 rule.

The value is an integer ranging from 0 to 4294967294.

Views

UCL6 view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
acl write

Usage Guidelines

Usage Scenario

To delete an ACL rule in the user ACL6 view, run the undo rule command.

Prerequisites

A basic ACL6 has been created using the acl ipv6 command in the system view.

A time range has been configured using the time-range command in the system view if you want to specify a validity period when creating a basic ACL6 rule.

Configuration Impact

When specifying an ACL6 rule ID, note the following:

  • If a rule with a specified rule ID already exists, and the new rule conflicts with the existing one, the conflicting part in the new rule overwrites that in the existing rule.
  • If no rule with the specified rule ID exists, a rule with the specified rule ID is created.

    When an ACL6 rule ID is not specified and a rule is added, the system automatically allocates an ID to this rule. ACL6 rules are arranged in ascending order of rule IDs, with the difference between two adjacent rules as an ACL6 step.

    The rule IDs automatically generated by the system start from the ACL6 step. For example, if the ACL6 step is 5, the rule ID starts from 5; if the ACL6 step is 2, the rule ID starts from 2. This allows you to add rules before the first rule.

Precautions

If auto is configured when you run the acl ipv6 command to create an ACL6, you cannot specify a rule ID when creating a rule. The system automatically uses the ACL6 step as the start rule ID, and the subsequent rules are numbered by a step in ascending order.

If rule-id is not specified when you run the rule command to create an ACL6, the system automatically assigns an ID to the ACL6 rule. You can run the display acl ipv6 command to check the rule ID automatically assigned to an ACL6.

If name rule-name is not specified when you run the rule command to create an ACL6, the system automatically generates a name for the ACL6 in the format of "rule"+"_"+rule ID. Rule ID is the ID of an ACL6 rule that can be specified using the rule-id parameter or automatically assigned by the system. You can check the automatically generated name of an ACL6 rule through the NMS.

You must specify the rule ID when deleting a rule. To check rule IDs, run the display acl ipv6 command.Before deleting an ACL6 rule, run the display acl ipv6 command to check whether the ACL6 rule has been applied to other services. Delete the rule only when it is not applied to other services.

Example

# Create a user ACL6 numbered 6999 and create a user ACL6 rule to prohibit the host with any source service group from sending IPv6 packets to a host with any destination user group, delete an ACL rule in the user ACL6 view.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 number 6999
[*HUAWEI-acl6-ucl-6999] rule 1 deny ipv6 source service-group any destination user-group any
[*HUAWEI-acl6-ucl-6999] undo rule 1 source
Parent Topic: ACL6 Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >