Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
Chapter 2 IPv4 ACL Configuration

To do…                       Use the command…             Remarks
Create a rule description    rule rule-id comment text    Optional. By default, no rule description is present.

Note that:
- You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
- When defining ACL rules, you need not always assign them IDs. The system can automatically assign rule IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30. For detailed information about step, refer to the step command.
- You may use the display acl command to verify rules configured in an ACL. If the match order for this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.

Caution:
- You can modify the match order of an IPv4 ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when it does not contain any rules.
- The rule specified in the rule comment command must already exist.

2.4.3 Configuration Examples

# Create ACL 4000 to deny frames with the 802.1p priority of 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3

# Verify the configuration.
[Sysname-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL 4000, named -none-, 1 rule,
ACL's step is 5
 rule 0 deny cos excellent-effort
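
The rule-handling notes above can be checked offline before a generated rule set is pushed to a switch. The following is an added example, not H3C code: AclModel, AclError and refused are hypothetical names, the sample rules are constructed, and statements are compared as whitespace-normalised text, which simplifies the device's own comparison.

```python
class AclError(Exception):
    """Raised where the manual says the switch would refuse the command."""

class AclModel:
    # Hypothetical offline model; names and string comparison are assumptions.
    def __init__(self, number, step=5, match_order="config"):
        self.number, self.step, self.match_order = number, step, match_order
        self.rules = {}     # rule ID -> statement, e.g. "deny cos 3"
        self.comments = {}  # rule ID -> description text

    def next_rule_id(self):
        # IDs start at 0; later ones are the next multiple of the step
        # above the current highest ID (step 5, highest 28 -> 30).
        if not self.rules:
            return 0
        return (max(self.rules) // self.step + 1) * self.step

    def rule(self, statement, rule_id=None):
        statement = " ".join(statement.split())
        if rule_id in self.rules and self.match_order == "auto":
            raise AclError("match order is auto: existing rules cannot be modified")
        for rid, existing in self.rules.items():
            if rid != rule_id and existing == statement:
                raise AclError(f"statement duplicates rule {rid}")
        if rule_id is None:
            rule_id = self.next_rule_id()
        self.rules[rule_id] = statement
        return rule_id

    def rule_comment(self, rule_id, text):
        if rule_id not in self.rules:
            raise AclError(f"rule {rule_id} does not exist")
        self.comments[rule_id] = text

    def set_match_order(self, order):
        if self.rules:
            raise AclError("match order can change only while the ACL has no rules")
        self.match_order = order

def refused(action, *args):
    """Return the refusal message, or None if the command is accepted."""
    try:
        action(*args)
    except AclError as err:
        return str(err)
    return None
```

Calling refused(acl.rule, "deny cos 3") on a model that already holds that statement returns the refusal text instead of raising, so a script can collect every rejected command in one pass.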