1-14
You can only modify the existing rules of an ACL that uses the match order of config. When modifying a
rule of such an ACL, you may choose to change just some of the settings, in which case the other
settings remain the same.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the
depth-first match order. Note that the IDs of the rules still remain the same.
For a basic ACL rule to be referenced by a QoS policy for traffic classification, the logging keyword is
not supported.
Related commands: display acl.
Examples
# Create a rule in ACL 2000 to deny packets sourced from 1.1.1.1.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0
rule (Ethernet frame header ACL view)
Syntax
rule [ rule-id ] { deny | permit } [ cos vlan-pri | dest-mac dest-addr dest-mask | { lsap lsap-type
lsap-type-mask | type protocol-type protocol-type-mask } | source-mac sour-addr source-mask |
time-range time-range-name ] *
undo rule rule-id [ time-range ]
View
Ethernet frame header ACL view
Default Level
2: System level
Parameters
rule-id: Specifies a rule ID, which ranges from 0 to 65534. If no rule ID is not provided when you create
an ACL rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple
of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering
step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Drops matching packets.
permit: Allows matching packets to pass.
cos vlan-pri: Defines an 802.1p priority. The vlan-pri argument can be a number in the range 0 to 7 or in
words, best-effort (0), background (1), spare (2), excellent-effort (3), controlled-load (4), video (5),
voice (6), or network-management (7).
To Next Page
Loading...
Need help?
General