name for the ease of identification. After creating an ACL with a name, you can neither
rename it nor delete its name.
You cannot assign a name for a WLAN ACL.
For a WLAN ACL, the ACL number and name must be globally unique. For an IPv4 basic
or advanced ACL, the ACL number and name must be unique among all IPv4 ACLs, and
for an IPv6 basic or advanced ACL, among all IPv6 ACLs. You can assign an IPv4 ACL
the same number and name as an IPv6 ACL.
Match order
The rules in an ACL are sorted in a certain order. When a packet matches a rule, the
device stops the match process and performs the action defined in the rule. If an ACL
contains overlapping or conflicting rules, the matching result and action to take
depend on the rule order.
Two ACL match orders are available:
config: Sorts ACL rules in ascending order of rule ID. A rule with a lower ID is
matched before a rule with a higher ID. If you use this approach, check rule
content and order carefully.
auto: Sorts ACL rules in depth-first order. Depth-first ordering ensures that any subset
of a rule is always matched before the rule. The depth-first ordering procedure
varies with ACL categories, as shown in Table 2.
NOTE:
The rule order of WLAN ACLs can only be config.
Table 2 Sorting ACL rules in depth-first order
ACL category: IPv4 basic ACL
Depth-first rule sorting procedures:
1. The rule configured with a VPN instance takes precedence.
2. The rule with more 0s in the source IP address wildcard mask takes precedence. More 0s means a narrower IP address range.
3. The rule with a smaller rule ID takes precedence.
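The following Python sketch is an added example, not code from this guide or from the device software. It models the IPv4 basic ACL depth-first procedure from Table 2 and shows how the same overlapping rules give a different first match under the config and auto match orders. The Rule class, the function names, the sample rules, and the simplification that a rule bound to a VPN instance matches only packets in that instance are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                 # "permit" or "deny"
    source: str                 # source IPv4 address
    wildcard: str               # 0 bits must match, 1 bits are ignored
    vpn: Optional[str] = None   # VPN instance name, if configured

    def zero_bits(self):
        return 32 - bin(to_int(self.wildcard)).count("1")

    def matches(self, src, vpn=None):
        # Assumption: a rule bound to a VPN instance matches only that instance.
        if self.vpn is not None and self.vpn != vpn:
            return False
        care = ~to_int(self.wildcard) & 0xFFFFFFFF
        return (to_int(src) ^ to_int(self.source)) & care == 0

def order_rules(rules, match_order):
    if match_order == "config":   # ascending rule ID
        return sorted(rules, key=lambda r: r.rule_id)
    if match_order == "auto":     # Table 2: VPN rule, then more 0s, then lower ID
        return sorted(rules, key=lambda r: (r.vpn is None, -r.zero_bits(), r.rule_id))
    raise ValueError(f"unknown match order: {match_order}")

def first_match(rules, match_order, src, vpn=None):
    # The match process stops at the first rule that matches.
    for rule in order_rules(rules, match_order):
        if rule.matches(src, vpn):
            return rule
    return None

# Constructed sample ACL with overlapping rules (not from the guide).
SAMPLE_RULES = [
    Rule(0, "permit", "10.1.0.0", "0.0.255.255"),
    Rule(5, "deny", "10.1.1.0", "0.0.0.255"),
    Rule(10, "deny", "10.1.1.1", "0.0.0.0", vpn="vpn-a"),
    Rule(15, "permit", "10.1.1.7", "0.0.0.0"),
]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, first_match(SAMPLE_RULES, order, "10.1.1.20"))
```

With the sample rules, a packet from 10.1.1.20 is permitted by rule 0 under config order, because the broader rule has the lower ID and shadows the deny in rule 5. Under auto order the narrower rule 5 is evaluated first and the packet is denied.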