ACL configuration commands
NOTE:
The Layer 3 Ethernet interface in this document refers to the Ethernet port that can perform IP routing and inter-VLAN routing. You can set an Ethernet port as a Layer 3 Ethernet interface by using the port link-mode route command (see the Layer 2—LAN Switching Configuration Guide).
acl
Syntax
acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
undo acl { all | name acl-name | number acl-number }
View
System view
Default level
2: System level
Parameters
number acl-number: Specifies the number of an IPv4 access control list (ACL):
• 2000 to 2999 for IPv4 basic ACLs
• 3000 to 3999 for IPv4 advanced ACLs
• 4000 to 4999 for Ethernet frame header ACLs
name acl-name: Assigns a name for the IPv4 ACL for easy identification. The acl-name argument takes a case-insensitive string of 1 to 63 characters. It must start with an English letter and, to avoid confusion, cannot be all.
match-order: Sets the order in which ACL rules are compared against packets:
• auto—Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For more information, see the ACL and QoS Configuration Guide.
• config—Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher priority. If no match order is specified, the config order applies by default.
all: Deletes all IPv4 ACLs.
Description
Use the acl command to create an IPv4 ACL and enter its view. If the ACL has been created, you enter its view directly.
Use the undo acl command to delete the specified IPv4 ACL or all IPv4 ACLs.
By default, no ACL exists.
You can assign a name for an IPv4 ACL only when you create it. After a named ACL is created, you cannot rename it or remove its name.
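The following Python script is an added example, not part of the original command reference. It checks the acl number lines of a configuration text against the number ranges, name rules and match-order keywords described above. The sample lines are constructed, and flagging two names that differ only in case as duplicates is an assumption drawn from acl-name being case-insensitive.

```python
import re

# Number ranges (Parameters section) and command syntax (Syntax section) described above.
CATEGORIES = [(2000, 2999, "IPv4 basic"), (3000, 3999, "IPv4 advanced"),
              (4000, 4999, "Ethernet frame header")]
ACL_LINE = re.compile(r"^acl\s+number\s+(?P<num>\d+)(?:\s+name\s+(?P<name>\S+))?"
                      r"(?:\s+match-order\s+(?P<order>\S+))?$")
# Constructed sample lines, not taken from a real device.
SAMPLE = """acl number 2000 name mgmt-hosts
acl number 3001 name Flow match-order auto
acl number 3002 name flow
acl number 5000 name all
acl number 2001 name 9lives match-order depth"""

def parse_acl_line(line):
    """Return (acl, errors) for one line; acl is None on a syntax mismatch."""
    m = ACL_LINE.match(line.strip())
    if not m:
        return None, ["does not match the acl number syntax"]
    errors = []
    num, name = int(m.group("num")), m.group("name")
    category = next((c for lo, hi, c in CATEGORIES if lo <= num <= hi), None)
    if category is None:
        errors.append(f"acl-number {num} is outside 2000 to 4999")
    if name is not None:
        if len(name) > 63 or not re.match(r"[A-Za-z]", name):
            errors.append("acl-name must be 1 to 63 characters, starting with a letter")
        if name.lower() == "all":  # names are case-insensitive, so ALL is rejected too
            errors.append("acl-name cannot be 'all'")
    order = m.group("order") or "config"  # config applies when match-order is omitted
    if order not in ("auto", "config"):
        errors.append(f"match-order must be auto or config, not {order}")
    return {"number": num, "category": category, "name": name, "match_order": order}, errors

def audit(config_text):
    """Return (line_no, message) findings; assumes a name identifies exactly one ACL."""
    findings, names = [], {}
    for no, line in enumerate(config_text.splitlines(), 1):
        if not line.strip().startswith("acl number"):
            continue
        acl, errors = parse_acl_line(line)
        findings += [(no, e) for e in errors]
        if acl and acl["name"]:
            first = names.setdefault(acl["name"].lower(), no)  # fold case before comparing
            if first != no:
                findings.append((no, f"acl-name duplicates line {first}"))
    return findings

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Because a named ACL cannot be renamed after creation, running a check like this before the configuration is applied is the point at which a bad name can still be corrected.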