Copying An Acl - H3C S5120-EI Series Configuration Manual

To do...
Create or edit a rule
Configure or edit a rule description
Note that:
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command but only when it does not contain any rules.

Copying an ACL

You can create an ACL by copying an existing ACL. The new ACL has the same properties and content
as the source ACL except the ACL number and name.
To copy an IPv4 or IPv6 ACL successfully, ensure that:
The destination ACL number is from the same category as the source ACL number.
The source IPv4 or IPv6 ACL already exits but the destination IPv4 or IPv6 ACL does not.
Copying an IPv4 ACL
Follow these steps to copy an IPv4 ACL:
Use the command...
rule [ rule-id ] { deny | permit }
[ cos vlan-pri | dest-mac
dest-addr dest-mask | lsap
lsap-code lsap-wildcard |
source-mac sour-addr
source-mask | time-range
time-range-name | type type-code
type-wildcard ]*
rule rule-id comment text
1-13
Remarks
Required
,
By default an Ethernet frame
header ACL does not contain any
rule.
To create or edit multiple rules,
repeat this step.
Note that the lsap keyword is not
supported if the ACL is to be
referenced by a QoS policy for
traffic classification.
Optional
By default, an Ethernet frame
header ACL rule has no rule
description.