ACL configuration commands
In this chapter, SPC cards refer to the cards prefixed with SPC, for example, SPC-GT48L. SPE cards refer
to the cards prefixed with SPE, for example, SPE-1020-E-II.
acl
Syntax
acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
undo acl { all | name acl-name | number acl-number }
View
System view
Default level
2: System level
Parameters
number acl-number: Specifies the number of an access control list (ACL):
• 2000 to 2999 for IPv4 basic ACLs
• 3000 to 3999 for IPv4 advanced ACLs
• 4000 to 4999 for Ethernet frame header ACLs
• 5000 to 5999 for user-defined ACLs
name acl-name: Assigns a name to the ACL for easy identification. The acl-name argument takes a
case-insensitive string of 1 to 63 characters. It must start with an English letter, and to avoid confusion,
cannot be all.
match-order: Sets the order in which ACL rules are compared against packets:
• auto—Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For
more information, see ACL and QoS Configuration Guide.
• config—Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher
priority. If no match order is specified, the config order applies by default.
all: Deletes all IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs.
Description
Use acl to create an IPv4 basic, IPv4 advanced, Ethernet frame header, or user-defined ACL and enter its
view. If the ACL has been created, you enter its view directly.
Use undo acl to delete the specified ACLs.
By default, no ACL exists.
You can assign a name to an ACL only when you create it. After an ACL is created with a name, you
cannot rename it or remove its name.
You can change match order only for ACLs that do not contain any rules.
The match-order keyword is not available for user-defined ACLs. They always use the config order.