Configuring An Advanced Ipv4 Acl - H3C S5810 Series Operation Manual

To do...
Configure a description for the
basic IPv4 ACL
Configure a rule description
Note that:
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command, but only when the ACL does not contain any rules.
The rule specified in the rule comment command must already exist.

Configuring an Advanced IPv4 ACL

Advanced IPv4 ACLs match packets based on source IP address, destination IP address, protocol
carried over IP, and other protocol header fields, such as the TCP/UDP source port number, TCP/UDP
destination port number, TCP flag, ICMP message type, and ICMP message code.
In addition, advanced IPv4 ACLs allow you to filter packets based on three priority criteria: type of
service (ToS), IP precedence, and differentiated services codepoint (DSCP) priority.
Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with basic IPv4 ACLs, they
allow of more flexible and accurate filtering.
Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command first.
Configuration Procedure
Follow these steps to configure an advanced IPv4 ACL:
Use the command...
description text
rule rule-id comment text
2-3
Remarks
Optional
By default, a basic IPv4 ACL
has no ACL description.
Optional
By default, an IPv4 ACL rule
has no rule description.