13-5Introduction to IPv6 ACLThis section covers these topics:z IPv6 ACL Classificationz IPv6 ACL Namingz IPv6 ACL Match Orderz IPv6 ACL Stepz Effective Period of an IPv6 ACLIPv6 ACL ClassificationIPv6 ACLs, identified by ACL numbers, fall into three categories, as shown in Table 13-2.Table 13-2 IPv6 ACL categoriesCategory ACL number Matching criteriaBasic IPv6 ACL 2000 to 2999 Source IPv6 addressAdvanced IPv6 ACL 3000 to 3999Source IPv6 address, destination IPv6 address,protocol carried over IPv6, and other Layer 3 orLayer 4 protocol header informationIPv6 ACL NamingWhen creating an IPv6 ACL, you can specify a unique name for it. Afterwards, you can identify theIPv6 ACL by its name.An IPv6 ACL can have only one name. Whether to specify a name for an ACL is up to you. Aftercreating an ACL, you cannot specify a name for it, nor can you change or remove its name.The name of an IPv6 ACL must be unique among IPv6 ACLs. However, an IPv6 ACL and an IPv4 ACLcan share the same name.IPv6 ACL Match OrderSimilar to IPv4 ACLs, an IPv6 ACL consists of multiple rules, each of which specifies different matchingcriteria. These criteria may have overlapping or conflicting parts. The match order is for determininghow a packet should be matched against the rules.Two match orders are available for IPv6 ACLs:z config: Packets are compared against ACL rules in the order the rules are configured.z auto: Packets are compared against ACL rules in the depth-first match order.The term depth-first match has different meanings for different types of IPv6 ACLs:Depth-first match for a basic IPv6 ACLThe following shows how your device performs depth-first match in a basic IPv6 ACL: