CHAPTER 60: ACL CONFIGURATION

Table 510 Define a basic ACL rule

Operation: Create or enter basic ACL view
Command: acl { number acl-number | name acl-name [ advanced | basic | link | user ] } [ match-order { config | auto } ]
Description: Required. By default, the match order is config.

Operation: Define a rule
Command: rule [ rule-id ] { permit | deny } [ source { source-addr wildcard | any } | fragment | time-range time-name ]*
Description: Required

Operation: Display ACL information
Command: display acl config { all | acl-number | acl-name }
Description: Optional. This command can be executed in any view.

If you specify a rule ID when defining a rule:
■ If the rule corresponding to the specified rule ID already exists, you will edit the rule, and the modified part in the rule will replace the original content, while other parts remain unchanged.
■ If the rule corresponding to the specified rule ID does not exist, you will create and define a new rule.
■ The content of a newly created rule must not be identical to the content of any existing rule; otherwise the rule creation will fail, and the system will prompt that the rule already exists.

If you do not specify a rule ID, you will create and define a new rule, and the system will assign an ID to the rule automatically.

Configuration Example

# Configure ACL 2000 to deny packets whose source IP address is 1.1.1.1.

    <SW7750> system-view
    [SW7750] acl number 2000
    [SW7750-acl-basic-2000] rule deny source 1.1.1.1 0
    [SW7750-acl-basic-2000] display acl config 2000
    Basic ACL 2000, 1 rule,
    rule 0 deny source 1.1.1.1 0 (0 times matched)

Defining Advanced ACLs

Advanced ACLs define classification rules according to the source and destination IP addresses of packets, the type of protocol over IP, and protocol-specific features such as TCP/UDP source and destination ports, TCP flag bit, ICMP protocol type, and so on.

The value range for advanced ACL numbers is 3,000 to 3,999 (ACL 3998 and 3999 are reserved for cluster management, and you cannot configure them).

Advanced ACLs support analysis and processing of three packet priority levels: type of service (ToS) priority, IP priority, and differentiated services codepoint (DSCP) priority.

Using advanced ACLs, you can define classification rules that are more accurate, more abundant, and more flexible than those defined with basic ACLs.
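The rule-ID behaviour described above for basic ACL rules, modelled in Python as an added example (not code from the switch or its vendor): editing by an existing ID replaces only the parts you give, so changing the action leaves the old source in place. Assumptions: automatically assigned IDs continue after the highest ID in use, config match order is modelled as ascending rule ID, and the CLI wildcard `0` is written out as 0.0.0.0; `BasicAcl`, `RuleExists` and `match` are hypothetical names.

```python
import ipaddress

class RuleExists(Exception):
    """A new rule duplicates the content of an existing rule."""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

class BasicAcl:
    """Toy model of one basic ACL: rule ID -> rule content."""

    def __init__(self):
        self.rules = {}

    def rule(self, rule_id=None, **fields):
        """Model of: rule [ rule-id ] { permit | deny } [ source ... ]"""
        if rule_id in self.rules:
            # Existing ID: only the parts given replace the old content.
            self.rules[rule_id].update(fields)
            return rule_id
        if fields in self.rules.values():
            raise RuleExists("the rule already exists")
        if rule_id is None:
            # Assumption: next ID after the highest in use, starting at 0.
            rule_id = max(self.rules, default=-1) + 1
        self.rules[rule_id] = fields
        return rule_id

    def match(self, src_ip):
        """Return (rule_id, action) for the first matching rule, else None."""
        for rule_id in sorted(self.rules):  # assumption: ascending rule ID
            r = self.rules[rule_id]
            # A rule with no source is modelled as matching any source.
            addr, wildcard = r.get("source", ("0.0.0.0", "255.255.255.255"))
            care = ~_ip(wildcard) & 0xFFFFFFFF  # wildcard 1-bits are ignored
            if ((_ip(src_ip) ^ _ip(addr)) & care) == 0:
                return rule_id, r["action"]
        return None

if __name__ == "__main__":
    acl = BasicAcl()
    # Constructed input mirroring the page: rule deny source 1.1.1.1 0
    acl.rule(action="deny", source=("1.1.1.1", "0.0.0.0"))
    print(acl.match("1.1.1.1"))
    acl.rule(0, action="permit")  # edit by ID: source is left unchanged
    print(acl.match("1.1.1.1"))
```

After any edit by rule ID, check the result with `display acl config` so that the parts you did not retype are the ones you expect.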