H3C S5810 Series Operation Manual page 545

Ethernet switches

To do...: Enter system view
Use the command...: system-view
Remarks: ––

To do...: Create an advanced IPv4 ACL and enter its view
Use the command...: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later.

To do...: Create or modify a rule
Use the command...: rule [ rule-id ] { deny | permit } protocol [ { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos ] *
Remarks: Required. To create or modify multiple rules, repeat this step. When an advanced IPv4 ACL is referenced by a QoS policy for traffic classification:
- If the QoS policy is applied to the inbound direction, the logging keyword is not supported.
- If the QoS policy is applied to the outbound direction, the keywords of logging, precedence, icmp-type, tos, ack, fin, rst, syn, psh, urg, and reflective are not supported.

To do...: Set the rule numbering step
Use the command...: step step-value
Remarks: Optional. 5 by default.

To do...: Configure a description for the advanced IPv4 ACL
Use the command...: description text
Remarks: Optional. By default, an advanced IPv4 ACL has no ACL description.

To do...: Configure a rule description
Use the command...: rule rule-id comment text
Remarks: Optional. By default, an IPv4 ACL rule has no rule description.

Note that:
- You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
- You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
- When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the depth-first match order. Note that the IDs of the rules still remain the same.
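
The remarks for the rule command list keywords that are not supported when the ACL is referenced by a QoS policy for traffic classification. The following pre-deployment check is an added example, not part of the H3C manual: it scans rule lines for those keywords per direction. The function names and the sample ACL (including ACL number 3000 and a time range named "logging") are constructed for illustration.

```python
# Added example: lint advanced IPv4 ACL rule lines against the QoS-policy
# keyword restrictions given in the remarks for the "rule" command.
INBOUND_UNSUPPORTED = {"logging"}
OUTBOUND_UNSUPPORTED = {"logging", "precedence", "icmp-type", "tos", "ack",
                        "fin", "rst", "syn", "psh", "urg", "reflective"}

def rule_tokens(line):
    """Return the tokens of a 'rule ...' line, or None if the line is not a
    match rule. User-chosen names that could collide with keywords are dropped."""
    tokens = line.split()
    if not tokens or tokens[0] != "rule":
        return None                      # e.g. 'acl number ...', 'step ...'
    if tokens[2:3] == ["comment"]:
        return None                      # 'rule rule-id comment text' is free text
    kept, skip_next = [], False
    for tok in tokens[1:]:
        if skip_next:                    # argument of time-range is a free-form name
            skip_next = False
            continue
        if tok == "time-range":
            skip_next = True
            continue
        kept.append(tok)
    return kept

def lint_for_qos(acl_lines, direction):
    """List (rule line, unsupported keywords) for a QoS policy applied in
    'inbound' or 'outbound' direction."""
    if direction == "inbound":
        unsupported = INBOUND_UNSUPPORTED
    elif direction == "outbound":
        unsupported = OUTBOUND_UNSUPPORTED
    else:
        raise ValueError("direction must be 'inbound' or 'outbound'")
    findings = []
    for line in acl_lines:
        tokens = rule_tokens(line)
        if tokens is None:
            continue
        bad = sorted(set(tokens) & unsupported)
        if bad:
            findings.append((line.strip(), bad))
    return findings

# Constructed sample configuration, not taken from the manual.
SAMPLE_ACL = [
    "acl number 3000 match-order config",
    "rule 0 permit tcp source 10.1.1.0 0.0.0.255 destination any destination-port eq 443",
    "rule 5 deny tcp destination any syn 1 ack 0 logging",
    "rule 10 deny ip source any time-range logging",
    "rule 10 comment block syn logging test",
]
```

Running lint_for_qos over an ACL before binding it to a QoS policy shows which rules depend on keywords that the chosen direction does not support.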
