1-7Note that:z With the config match order specified for the advanced ACL, you can modify any existent rule. Theunmodified part of the rule remains. With the auto match order specified for the ACL, you cannotmodify any existent rule; otherwise the system prompts error information.z If you do not specify the rule-id argument when creating an ACL rule, the rule will be numberedautomatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule willbe the greatest rule number plus one. If the current greatest rule number is 65534, however, thesystem will display an error message and you need to specify a number for the rule.z The content of a modified or created rule cannot be identical with the content of any existing rules;otherwise the rule modification or creation will fail, and the system prompts that the rule alreadyexists.z If the ACL is created with the auto keyword specified, the newly created rules will be inserted in theexistent ones by depth-first principle, but the numbers of the existent rules are unaltered.Configuration example# Configure ACL 3000 to permit the TCP packets sourced from the network 129.9.0.0/16 and destinedfor the network 202.38.160.0/24 and with the destination port number being 80. system-view[Sysname] acl number 3000[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.00.0.0.255 destination-port eq 80# Display the configuration information of ACL 3000.[Sysname-acl-adv-3000] display acl 3000Advanced ACL 3000, 1 ruleAcl's step is 1rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255destination-port eq wwwConfiguring Layer 2 ACLLayer 2 ACLs filter packets according to their Layer 2 information, such as the source and destinationMAC addresses, VLAN priority, and Layer 2 protocol types.A Layer 2 ACL can be numbered from 4000 to 4999.Configuration prerequisitesz To configure a time range-based Layer 2 ACL rule, you need to create the corresponding timeranges first. For information about time range configuration, refer to Configuring Time Rangez The settings to be specified in the rule, such as source and destination MAC addresses, VLANpriorities, and Layer 2 protocol types, are determined.Configuration procedureFollow these steps to define a Layer 2 ACL rule:To do... Use the command... RemarksEnter system view system-view —Create a Layer 2 ACL and enterlayer 2 ACL view acl number acl-number Required