3Com 4510G Configuration Manual page 732

3com switch 4510g family

To do: Create or modify a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
Remarks: Required. To create or modify multiple rules, repeat this step. Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging and reflective keywords are not supported and the operator argument cannot be:
- neq, if the policy is for the inbound traffic,
- gt, lt, neq or range, if the policy is for the outbound traffic.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default

To do: Configure a description for the advanced IPv4 ACL
Use the command: description text
Remarks: Optional. By default, an advanced IPv4 ACL has no ACL description.

To do: Configure a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, an IPv4 ACL rule has no rule description.

Note that:
- You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
- You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
- When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the depth-first match order. Note that the IDs of the rules still remain the same.
- You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when the ACL does not contain any rules.
- The rule specified in the rule comment command must already exist.

Configuration Example
# Configure IPv4 ACL 3000 to permit TCP packets with the destination port number of 80 from 129.9.0.0 to 202.38.160.0.
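
The QoS-policy restrictions given in the Remarks for the rule command can be checked before an ACL is bound to a policy. The following Python script is an added example, not part of the 3Com manual; the function names, the sample ACL text and its addresses are constructed for illustration, and it assumes one rule per line as in a saved configuration.

```python
import re

# Restrictions stated in the Remarks for an ACL referenced by a QoS policy.
FORBIDDEN_KEYWORDS = {"logging", "reflective"}
FORBIDDEN_OPERATORS = {
    "inbound": {"neq"},
    "outbound": {"gt", "lt", "neq", "range"},
}
PORT_MATCH = re.compile(r"\b(source-port|destination-port)\s+(\S+)")

def lint_rule(rule, direction):
    """Return the findings for one 'rule ...' line; an empty list means it is usable."""
    tokens = rule.split()
    # 'rule rule-id comment text' carries free text, so it is never checked.
    if not tokens or tokens[0] != "rule" or tokens[2:3] == ["comment"]:
        return []
    findings = [f"keyword '{kw}' not supported"
                for kw in sorted(FORBIDDEN_KEYWORDS & set(tokens))]
    for field, operator in PORT_MATCH.findall(rule):
        if operator in FORBIDDEN_OPERATORS[direction]:
            findings.append(
                f"{field} operator '{operator}' not allowed for {direction} traffic")
    return findings

def lint_acl(config, direction):
    """Map each offending rule line (whitespace-stripped) to its findings."""
    if direction not in FORBIDDEN_OPERATORS:
        raise ValueError("direction must be 'inbound' or 'outbound'")
    report = {}
    for line in config.splitlines():
        findings = lint_rule(line.strip(), direction)
        if findings:
            report[line.strip()] = findings
    return report

# Constructed sample, not taken from the manual.
SAMPLE_ACL = """\
acl number 3000
 rule 0 permit tcp source 192.0.2.0 0.0.0.255 destination-port eq 80
 rule 5 deny tcp destination-port neq 443 logging
 rule 10 permit udp source-port range 1024 2048
 rule 10 comment logging is enabled on rule 5
"""

if __name__ == "__main__":
    for direction in ("inbound", "outbound"):
        for rule, findings in lint_acl(SAMPLE_ACL, direction).items():
            print(direction, "|", rule, "->", "; ".join(findings))
```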
