H3C S5120-SI Series Configuration Manual page 532

To do...
Create a basic ACL and enter its
view
Configure a description for the
basic ACL
Set the rule numbering step
Create or edit a rule
Configure or edit a rule description
Note that:
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command, but only when the ACL does not contain any rules.
The rule specified in the rule comment command must already exist.
Use the command...
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
description text
step step-value
rule [ rule-id ] { deny | permit }
[ fragment | logging | source
{ sour-addr sour-wildcard | any } |
time-range time-range-name ] *
rule rule-id comment text
1-6
Remarks
Required
By default, no ACL exists.
Basic ACLs are numbered in the
range 2000 to 2999.
You can use the acl name
acl-name command to enter the
view of an existing named ACL.
Optional
By default, a basic ACL has no
ACL description.
Optional
5 by default.
Required
By default, an Basic ACL does not
contain any rule.
To create or edit multiple rules,
repeat this step.
For a basic ACL rule to be
referenced by a QoS policy for
traffic classification, the logging
keyword is not supported.
Optional
By default, an ACL rule has no rule
description.