acl
Use acl to create an ACL, and enter its view. If the ACL has been created, you directly enter its view.
Use undo acl to delete the specified or all ACLs.
Syntax
acl [ ipv6 ] number acl-number [ name acl-name ] [ match-order { auto | config } ]
undo acl [ ipv6 ] { all | name acl-name | number acl-number }
Default
No ACL exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
number acl-number: Specifies the number of an ACL:
2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified.
3000 to 3999 for IPv4 advanced ACLs s if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified.
4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
5000 to 5999 for user-defined ACLs. This entry is not displayed if the ipv6 keyword is specified.
name acl-name: Assigns a name to the ACL for easy identification. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all.
match-order: Sets the order in which ACL rules are compared against packets.
auto: Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For more information, see ACL and QoS Configuration Guide.
config: Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher priority. If no match order is specified, the config-order applies by default.
The match-order keyword is not available for user-defined ACLs. They always use the config-order.
all: Specifies all ACLs.
If the ipv6 keyword is not specified, all ACLs refer to all IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs.
If the ipv6 keyword is specified, all ACLs refer to all IPv6 basic and IPv6 advanced ACLs.
Usage guidelines
You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name.
You can change the match order only for ACLs that do not contain any rules.
Examples
# Create IPv4 basic ACL 2000, and enter its view.
<Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000]
# Create IPv4 basic ACL 2001 with the name flow, and enter its view.
<Sysname> system-view [Sysname] acl number 2001 name flow [Sysname-acl-basic-2001-flow]
Related commands
display acl