1-12Note that:z You can only modify the existing rules of an ACL that uses the match order of config. Whenmodifying a rule of such an ACL, you may choose to change just some of the settings, in whichcase the other settings remain the same.z You cannot create a rule with, or modify a rule to have, the same permit/deny statement as anexisting rule in the ACL.z When the ACL match order is auto, a newly created rule will be inserted among the existing rulesin the depth-first match order. Note that the IDs of the rules still remain the same.You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ nameacl6-name ] match-order { auto | config } command but only when it does not contain any rules.Configuring an Ethernet Frame Header ACLEthernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocolheader fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),and link layer protocol type.Follow these steps to configure an Ethernet frame header ACL:To do… Use the command… RemarksEnter system view system-view ––Create an Ethernet frame headerACL and enter its viewacl number acl-number [ nameacl-name ] [ match-order { auto |config } ]RequiredBy default, no ACL exists.Ethernet frame header ACLs arenumbered in the range 4000 to4999.You can use the acl nameacl-name command to enter theview of an existing namedEthernet frame header ACL.Configure a description for theEthernet frame header ACL description textOptionalBy default, an Ethernet frameheader ACL has no ACLdescription.Set the rule numbering step step step-valueOptional5 by default.