2-7
Note that:
z
You can only modify the existing rules of an ACL that uses the match order of
config
. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
z
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
z
When the ACL match order is
auto
, a newly created rule will be inserted among the existing rules in
the depth-first match order. Note that the IDs of the rules still remain the same.
z
You can modify the match order of an ACL with the
acl number
acl-number
[
name acl-name
]
match-order
{
auto
|
config
} command, but only when the ACL does not contain any rules.
z
The rule specified in the
rule comment
command must already exist.
Configuration Example
# Configure ACL 4000 to deny frames with the 802.1p priority of 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3
# Verify the configuration.
[Sysname-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL 4000, named -none-, 1 rule,
ACL's step is 5
rule 0 deny cos excellent-effort(5 times matched)
Copying an IPv4 ACL
This feature allows you to copy an existing IPv4 ACL to generate a new one, which is of the same type
and has the same match order, rules, rule numbering step and descriptions as the source IPv4 ACL.
Configuration Prerequisites
Make sure that the source IPv4 ACL exists while the destination IPv4 ACL does not.
Configuration Procedure
Follow these steps to copy an IPv4 ACL:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Copy an existing IPv4 ACL to
generate a new one of the
same type
acl copy
{
source-acl-number
|
name
source-acl-name
}
to
{
dest-acl-number
|
name dest-acl-name
}
Required