Configuring a Basic IPv4 ACL 843
NOTE:
■ You will fail to create or modify a rule if its permit/deny statement is exactly the same as that of another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
■ You may use the display acl command to verify the rules configured in an ACL. If the match order for this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.
CAUTION:
■ You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when the ACL does not contain any rules.
■ The rule specified in the rule comment command must already exist.
Configuration Examples
# Create IPv4 ACL 2000 with a rule that denies packets whose source address is 1.1.1.1.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0
# Verify the configuration.
[Sysname-acl-basic-2000] display acl 2000
Basic ACL 2000, named -none-, 1 rule,
ACL's step is 5
rule 0 deny source 1.1.1.1 0
To do…: Create and enter basic IPv4 ACL view
Use the command…: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later.

To do…: Create or modify a rule
Use the command…: rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-name ] *
Remarks: Required. To create multiple rules, repeat this step. Note that the logging keyword is not supported if the ACL is to be referenced by a QoS policy for traffic classification.

To do…: Set a rule numbering step
Use the command…: step step-value
Remarks: Optional. The default step is 5.

To do…: Create an IPv4 ACL description
Use the command…: description text
Remarks: Optional. By default, no IPv4 ACL description is present.

To do…: Create a rule description
Use the command…: rule rule-id comment text
Remarks: Optional. By default, no rule description is present.
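The notes, caution and configuration example on this page describe behaviour that matters for whether a packet is actually blocked: rule IDs assigned from the step (the example's first rule becomes rule 0), rejection of a duplicate permit/deny statement, the requirement that a rule exist before it can be commented, and the difference between the config and auto match orders. Because the switch CLI cannot be run offline, the following Python model is an added example, not code from the switch or from this guide. It parses rule lines in the syntax shown in the table above and evaluates a source address against them. The depth-first (auto) ordering is an assumption here, modelled as "more zero bits in the source wildcard first, then lower rule ID"; the ACL numbers, rules and addresses are constructed.

```python
"""Added model of a Comware-style basic IPv4 ACL (example code, not the
switch's own implementation). Depth-first order is an assumption: most
specific source wildcard first, ties broken by lower rule ID."""
import ipaddress
import re
from dataclasses import dataclass

RULE_RE = re.compile(
    r"^rule(?:\s+(?P<id>\d+))?\s+(?P<action>permit|deny)\s+source\s+"
    r"(?:(?P<any>any)|(?P<addr>\d+(?:\.\d+){3})\s+(?P<wc>\d+(?:\.\d+){3}|0))$"
)
COMMENT_RE = re.compile(r"^rule\s+(?P<id>\d+)\s+comment\s+(?P<text>.+)$")
ANY = 0xFFFFFFFF


def _to_int(dotted: str) -> int:
    # The CLI accepts a bare "0" as the all-zero wildcard (a single host).
    return 0 if dotted == "0" else int(ipaddress.IPv4Address(dotted))


@dataclass
class Rule:
    rule_id: int
    action: str
    addr: int        # source address with the wildcard's host bits cleared
    wildcard: int    # 1 bits are "don't care", as in the CLI
    comment: str = ""

    def matches(self, src: int) -> bool:
        # A wildcard bit of 0 must match exactly; wildcard bits of 1 are ignored.
        return ((src & ~self.wildcard) & ANY) == self.addr

    @property
    def specificity(self) -> int:
        # Bits that must match: 32 for a single host, 0 for "source any".
        return 32 - bin(self.wildcard).count("1")


class BasicAcl:
    def __init__(self, number: int, match_order: str = "config", step: int = 5):
        self.number, self.match_order, self.step = number, match_order, step
        self.rules = {}  # rule_id -> Rule

    def add_rule(self, line: str) -> Rule:
        line = line.strip()
        c = COMMENT_RE.match(line)
        if c:  # page caution: the rule named in `rule N comment` must already exist
            rule = self.rules.get(int(c.group("id")))
            if rule is None:
                raise ValueError(f"rule {c.group('id')} does not exist: {line!r}")
            rule.comment = c.group("text")
            return rule
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        if m.group("any"):
            addr, wc = 0, ANY
        else:
            wc = _to_int(m.group("wc"))
            addr = _to_int(m.group("addr")) & ~wc & ANY
        if m.group("id") is None:
            # No ID given: the smallest multiple of the step above the largest
            # existing ID; the first rule of an empty ACL gets 0.
            rule_id = 0 if not self.rules else (max(self.rules) // self.step + 1) * self.step
        else:
            rule_id = int(m.group("id"))
            if rule_id in self.rules and self.match_order == "auto":
                raise ValueError("rules cannot be modified while match order is auto")
        # Page note: creation fails if the permit/deny statement duplicates another rule.
        for r in self.rules.values():
            if r.rule_id != rule_id and (r.action, r.addr, r.wildcard) == (m.group("action"), addr, wc):
                raise ValueError(f"duplicate of rule {r.rule_id}: {line!r}")
        self.rules[rule_id] = Rule(rule_id, m.group("action"), addr, wc)
        return self.rules[rule_id]

    def ordered_rules(self) -> list:
        if self.match_order == "auto":
            return sorted(self.rules.values(), key=lambda r: (-r.specificity, r.rule_id))
        return sorted(self.rules.values(), key=lambda r: r.rule_id)

    def lookup(self, src: str):
        """First matching rule, or None. The default action for an unmatched
        packet depends on where the ACL is applied, so it is left to the caller."""
        s = int(ipaddress.IPv4Address(src))
        return next((r for r in self.ordered_rules() if r.matches(s)), None)

    def display(self) -> str:
        # Mirrors `display acl`: with match order auto the rules are listed in
        # depth-first order rather than by rule ID.
        n = len(self.rules)
        out = [f"Basic ACL {self.number}, named -none-, {n} rule{'' if n == 1 else 's'},",
               f"ACL's step is {self.step}"]
        for r in self.ordered_rules():
            wc = "0" if r.wildcard == 0 else str(ipaddress.IPv4Address(r.wildcard))
            src = "any" if r.wildcard == ANY else f"{ipaddress.IPv4Address(r.addr)} {wc}"
            out.append(f"rule {r.rule_id} {r.action} source {src}")
        return "\n".join(out)


# Constructed rules: a broad permit entered first, then a host deny.
SHADOW_RULES = [
    "rule permit source 10.1.1.0 0.0.0.255",   # becomes rule 0
    "rule deny source 10.1.1.7 0",             # becomes rule 5
]


def decide(match_order: str, rule_lines, src: str):
    """Action the ACL takes for a source address, or None if no rule matches."""
    acl = BasicAcl(2001, match_order=match_order)
    for line in rule_lines:
        acl.add_rule(line)
    hit = acl.lookup(src)
    return None if hit is None else hit.action


if __name__ == "__main__":
    # With match order config the permit shadows the later host deny;
    # with auto the more specific deny is evaluated first.
    for order in ("config", "auto"):
        print(order, "->", decide(order, SHADOW_RULES, "10.1.1.7"))
```

The point to take from running it: under the default config order, a broad permit entered before a host-specific deny silently shadows that deny, so when you rely on config order, enter the more specific deny rules first (or give them lower rule IDs); under auto order the switch sorts the host rule ahead of the subnet rule for you, at the cost of not being able to modify rules in place.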