为何S5560-30C-EI配置了入接口上的IPv6 ACL后,有匹配计数,但仍会抓到应过滤网段内漏过的数据包呢?
接口配置
interface Ten-GigabitEthernet1/0/25
port link-mode bridge
description HuaweiBJ_1/16_Internet
port access vlan 10
packet-filter ipv6 3108 inbound hardware-count
packet-filter 3108 inbound hardware-count
#
Advanced IPv6 ACL 3108, 15 rules,
rule 50 permit ipv6 destination 2001:DA8:8000:1:0:689:2:48/128
rule 100 permit ipv6 destination 2403:D400:FFFF:1::10/128
rule 110 permit ipv6 destination 2403:D400:FFFF:1::/64
rule 120 permit ipv6 destination 2403:D400:FFFF::/48
rule 201 deny ipv6 source 2408:4003:10B1:4003::/64
rule 202 deny ipv6 source 2604:A940:301:225::/64
rule 203 deny ipv6 source 2408:4001:20A:4A00::/64
rule 204 deny ipv6 source 2604:A940:300::/46
rule 60000 permit ipv6 destination 2001:DA8:8000::/48
rule 60010 permit ipv6 destination 2403:D400::/32
rule 60020 permit ipv6 destination 2001:250:6000::/48
rule 60030 permit ipv6 destination 2001:251:7801::/48
rule 60040 permit ipv6 destination 2001:256:100:2000::/56
rule 60100 permit ipv6 destination 2408:8026:380::/52
rule 65000 permit ipv6
是在交换机下联上