844 CHAPTER 63: IPV4 ACL CONFIGURATIONConfiguring anAdvanced IPv4 ACLAdvanced IPv4 ACLs filter packets based on source IP address, destination IPaddress, protocol carried on IP, and other protocol header fields, such as theTCP/UDP source port, TCP/UDP destination port, ICMP message type, and ICMPmessage code.In addition, advanced IPv4 ACLs allow you to filter packets based on three prioritycriteria: type of service (ToS), IP precedence, and differentiated services codepoint(DSCP) priority.Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared withbasic IPv4 ACLs, they allow of more flexible and accurate filtering.ConfigurationPrerequisitesIf you want to reference a time range to a rule, define it with the time-rangecommand first.Configuration Procedure Follow these steps to configure an advanced IPv4 ACL:To do… Use the command… RemarksEnter system view system-view --Create and enteradvanced IPv4 ACLviewacl number acl-number [ nameacl-name ] [ match-order{ auto | config } ]RequiredThe default match order is config.If you specify a name for an IPv4ACL when creating the ACL, youcan use the acl name acl-namecommand to enter the view of theACL later.Create or modify a rule rule [ rule-id ] { deny | permit }protocol [ destination{ dest-addr dest-wildcard | any }| destination-port operatorport1 [ port2 ] | dscp dscp |established | fragment |icmp-type { icmp-typeicmp-code | icmp-message } |logging | precedenceprecedence | reflective | source{ sour-addr sour-wildcard | any }| source-port operator port1[ port2 ] | time-rangetime-name | tos tos ] *RequiredTo create multiple rules, repeat thisstep.Note that if the ACL is to bereferenced by a QoS policy fortraffic classification, the loggingand reflective keywords are notsupported and the operatorargument cannot be:■ neq, if the policy is for theinbound traffic,■ gt, lt, neq or range, if thepolicy is for the outboundtraffic.Set a rule numberingstepstep step-value OptionalThe default step is 5.Create an IPv4 ACLdescriptiondescription text OptionalBy default, no IPv4 ACL descriptionis present.Create a ruledescriptionrule rule-id comment text OptionalBy default, no rule description ispresent.