846 CHAPTER 63: IPV4 ACL CONFIGURATION
n
■ You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather
than config, you cannot modify ACL rules.
■ You may use the display acl command to verify rules configured in an ACL. If
the match order for this ACL is auto, rules are displayed in the depth-first
match order rather than by rule number.
c
CAUTION:
■ You can modify the match order of an ACL with the acl number acl-number
[ name acl-name ] match-order { auto | config } command but only when it
does not contain any rules.
■ The rule specified in the rule comment command must have existed.
Configuration Examples # Create ACL 4000 to deny frames with the 802.1p priority of 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3
# Verify the configuration.
[Sysname-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL 4000, named -none-, 1 rule,
ACL’s step is 5
rule 0 deny cos excellent-effort
Copying an IPv4 ACL This feature allows you to copy an existent IPv4 ACL to generate a new one, which
is of the same type and has the same match order, match rules, rule numbering
step and descriptions as the source IPv4 ACL.
Configuration
Prerequisites
Make sure that the source IPv4 ACL exists while the destination IPv4 ACL does not.
Create or modify a rule rule [ rule-id ] { deny |
permit } [ cos vlan-pri |
dest-mac dest-addr
dest-mask | lsap lsap-code
lsap-wildcard | source-mac
sour-addr source-mask |
time-range time-name | type
type-code type-wildcard ] *
Required
To create multiple rules,
repeat this step.
Note that the lsap keyword is
not supported if the ACL is to
be referenced by a QoS policy
for traffic classification.
Set a rule numbering step step step-value Optional
The default step is 5.
Create an ACL description description text Optional
By default, no IPv4 ACL
description is present.
Create a rule description rule rule-id comment text Optional
By default, no rule description
is present.
To do… Use the command… Remarks
To Next Page
Loading...
