z If you do not specify the rule-id argument when creating an ACL rule, the rule will be numberedle is numbered 0; otherwise, the number of the rule wills one. If the current greatest rule number is 65534, however, theyou that the rule cannot be created and you need to specify a number for the rule.fied or created rule cannot be identical with the content of any existing rules;otherwise the rule modification or creation will fail, and the system prompts that the rule alreadyCided that VLAN-VPN is not enabled on any port. Inof the rule, and 27 is the protocol field offsetsConf rs as required. The number of anwitch 4500 Series support matching the following fields:hes the CoS field in IPv6 packets.estination IP address field in IPv6 packets.dest-mac: Matches the destination MAC address field in IPv6 packets.dscp: Matches the traffic class field in IPv6 packets.ip-protocol: Matches the next header field in IPv6 packets.pe: Matches IPv6 packets with the Layer 2 protocol being IPv6.z atches the source address field in IPv6 packets.field in IPv6 packets.zzzzautomatically. If the ACL has no rules, the rube the greatest rule number plusystem will tellz The content of a modiexists.onfiguration example# Configure ACL 5000 to deny all TCP packets, provthe ACL rule, 06 is the TCP protocol number, ff is the maskof an internally processed IP packet. system-view[Sysname] acl number 5000[Sysname-acl-user-5000] rule deny 06 ff 27# Display the configuration information of ACL 5000.[Sy name-acl-user-5000] display acl 5000User defined ACL 5000, 1 ruleAcl's step is 1rule 0 deny 06 ff 27igu ing IPv6 ACLYou can match IPv6 packets by IPv6 ACLs to process IPv6 data flowIPv6 ACL is in the range from 5000 to 5999.Sz cos: Matcz dest-ip: Matches the dzz double-tag: Matches IPv6 packets with two tags.zzz ipv6-tysrc-ip: Mz dest-ip: Matches the destination addressz src-port: Matches the TCP/UDP source port field in IPv6 packets.dest-port: Matches the TCP/UDP destination port field in IPv6 packets.icmpv6-type: Matches the ICMPv6 type field in IPv6 packets.icmpv6-code: Matches the ICMPv6 code field in IPv6 packets.vlan: Matches the VLAN tag field in IPv6 packets.IPv6 ACLs do not match IPv6 packets with extension headers.44-10
