HP 6125G & 6125G/XG Blade Switches ACL and QoS Configuration - Page 14


Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Create an IPv6 advanced ACL and enter its view.
Command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
Remarks: By default, no ACL exists. IPv6 advanced ACLs are numbered in the range of 3000 to 3999. You can use the acl ipv6 name acl6-name command to enter the view of a named IPv6 ACL.

Step 3. Configure a description for the IPv6 advanced ACL.
Command: description text
Remarks: Optional. By default, an IPv6 advanced ACL has no ACL description.

Step 4. Set the rule numbering step.
Command: step step-value
Remarks: Optional. 5 by default.

Step 5. Create or edit a rule.
Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | routing [ type routing-type ] | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] *
Remarks: By default, an IPv6 advanced ACL does not contain any rule.
If an IPv6 advanced ACL is for QoS traffic classification or packet filtering:
  • Do not specify the fragment and routing keywords, or specify neq for the operator argument.
  • Do not specify the flow-label keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering.
The counting keyword (even if specified) does not take effect for QoS traffic classification.

Step 6. Add or edit a rule comment.
Command: rule rule-id comment text
Remarks: Optional. By default, no rule comments are configured.

Step 7. Add or edit a rule range remark.
Command: rule [ rule-id ] remark text
Remarks: Optional. By default, no rule range remarks are configured.

Step 8. Enable counting ACL rule matches performed in hardware.
Command: hardware-count enable
Remarks: Optional. Disabled by default. When the ACL is referenced by a QoS policy, this command does not take effect.
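
A lint check for the restrictions listed in the Remarks of steps 2, 5 and 8, as an added example that is not from the HP manual. The function name `lint_acl6`, its `use` and `direction` arguments, and the sample ACL are assumptions made for illustration; how the ACL is applied is not part of the ACL view, so the caller supplies it.

```python
import re

# Constructed sample config, written with the command syntax from the steps above.
SAMPLE = """\
acl ipv6 number 3001
 description constructed example
 step 10
 rule 0 permit tcp source 2001:db8:1::/64 destination 2001:db8:2::10/128 destination-port eq 443
 rule 10 deny tcp destination-port neq 22
 rule 20 deny ipv6 fragment
 rule 30 permit udp flow-label 5 counting
 rule 30 comment fragment handling is reviewed separately
 hardware-count enable
"""

def lint_acl6(config, use, direction):
    """Return (rule-id, message) findings for one IPv6 advanced ACL.
    use: 'packet-filter', 'qos' or 'other'; direction: 'inbound' or 'outbound'
    (both are assumptions supplied by the caller, not read from the config)."""
    findings = []
    m = re.search(r"^acl ipv6 number (\d+)", config, re.M)
    if m and not 3000 <= int(m.group(1)) <= 3999:
        findings.append(("acl", "not an IPv6 advanced ACL number (3000-3999)"))
    filtering = use in ("packet-filter", "qos")
    for line in config.splitlines():
        tok = line.split()
        if tok == ["hardware-count", "enable"] and use == "qos":
            findings.append(("acl", "hardware-count enable does not take effect"))
        if len(tok) < 3 or tok[0] != "rule":
            continue
        rid, body = (tok[1], tok[2:]) if tok[1].isdigit() else ("auto", tok[1:])
        if body[0] not in ("permit", "deny"):
            continue  # 'rule N comment ...' and 'rule N remark ...' carry free text
        kws, skip = [], False
        for i, t in enumerate(body):
            if not skip:
                kws.append(t)
                if t in ("source-port", "destination-port") and body[i + 1:i + 2] == ["neq"]:
                    kws.append("neq operator")
            skip = (not skip) and t in ("time-range", "vpn-instance")  # next token is a name
        for kw in ("fragment", "routing", "neq operator"):
            if filtering and kw in kws:
                findings.append((rid, f"{kw} must not be used for QoS or packet filtering"))
        if filtering and direction == "outbound" and "flow-label" in kws:
            findings.append((rid, "flow-label must not be used outbound"))
        if use == "qos" and "counting" in kws:
            findings.append((rid, "counting does not take effect"))
    return findings
```

Run against the sample as an outbound QoS classifier, it flags rules 10, 20 and 30 plus the `hardware-count enable` line; as an inbound packet filter only rules 10 and 20 are flagged.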