Default
No ACLs exist.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Specifies the IPv6 ACL type. To specify the IPv4 ACL type, do not provide this keyword.
basic: Specifies the basic ACL type.
advanced: Specifies the advanced ACL type.
acl-number: Assigns a number to the ACL. The following are available value ranges:
• 2000 to 2999 for basic ACLs.
• 3000 to 3999 for advanced ACLs.
name acl-name: Assigns a name to the ACL. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all.
match-order: Specifies the order in which ACL rules are compared against packets.
• auto: Compares ACL rules in depth-first order.
• config: Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has a higher priority. If you do not specify a match order, the config order applies by default.
all: Specifies all ACLs of the specified type.
Usage guidelines
You can change the match order only for ACLs that do not contain any rules.
If a packet matches an ACL rule that contains any criteria other than the following, the device uses the slow forwarding process for the packet:
• Source IP address, source port number, destination IP address, destination port number, or transport layer protocol.
• ICMP message type or ICMP message code.
• VPN instance.
• Logging operation.
• Time range.
During the slow forwarding process, the device sends the matching packets to the control plane, which degrades forwarding performance.
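An added example (not part of the original manual): a Python audit script that scans saved configuration text for ACL rules using criteria outside the fast-path list above, so they can be reviewed before they send traffic to the control plane. The `SLOW` keyword set and the sample configuration are assumptions constructed for illustration, and the set is not exhaustive.

```python
import re

# Assumed, non-exhaustive rule keywords that fall outside the page's
# fast-path list (addresses, ports, protocol, ICMP type/code, VPN instance,
# logging, time range).
SLOW = {"dscp", "precedence", "tos", "fragment", "established",
        "ack", "fin", "psh", "rst", "syn", "urg"}
NAMED = {"time-range", "vpn-instance"}  # next token is a user-chosen name

ACL_RE = re.compile(r"^acl\s+(?:ipv6\s+)?(?:basic|advanced)\s+(?:name\s+)?(\S+)")
RULE_RE = re.compile(r"^rule\s+(\d+)\s+(?:permit|deny)\b(.*)$")

# Constructed sample, shaped like saved configuration text.
SAMPLE = """\
acl advanced 3000
 rule 0 permit tcp source 10.1.1.0 0.0.0.255 destination-port eq 80
 rule 5 deny ip fragment logging
 rule 10 permit ip dscp ef time-range work
 rule 15 permit tcp established
#
acl basic name flow
 rule 0 permit source 192.168.0.0 0.0.255.255 time-range syn
"""

def slow_criteria(rule_body):
    """Return the slow-path keywords in one rule, ignoring name arguments."""
    hits, skip = [], False
    for tok in rule_body.split():
        if skip:
            skip = False          # this token is a time-range/VPN name
        elif tok in NAMED:
            skip = True
        elif tok in SLOW:
            hits.append(tok)
    return hits

def slow_path_rules(config):
    """Return (acl, rule_id, keywords) for every rule needing review."""
    findings, acl = [], None
    for line in map(str.strip, config.splitlines()):
        if line == "#":
            acl = None            # section separator ends the ACL view
        elif (m := ACL_RE.match(line)):
            acl = m.group(1)
        elif acl and (m := RULE_RE.match(line)):
            hits = slow_criteria(m.group(2))
            if hits:
                findings.append((acl, int(m.group(1)), hits))
    return findings

if __name__ == "__main__":
    for acl, rule_id, hits in slow_path_rules(SAMPLE):
        print(f"ACL {acl} rule {rule_id}: slow-path criteria {hits}")
```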
Examples
# Create IPv4 basic ACL 2000 and enter its view.
<Sysname> system-view
[Sysname] acl basic 2000
[Sysname-acl-ipv4-basic-2000]
# Create IPv4 basic ACL flow and enter its view.
<Sysname> system-view
[Sysname] acl basic name flow
[Sysname-acl-ipv4-basic-flow]
# Create IPv4 advanced ACL 3000 and enter its view.
<Sysname> system-view