2-4 system-view[Sysname] acl number 2000[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0# Verify the configuration.[Sysname-acl-basic-2000] display acl 2000Basic ACL 2000, named -none-, 1 rule,ACL's step is 5rule 0 deny source 1.1.1.1 0 (5 times matched)Configuring an Advanced IPv4 ACLAdvanced IPv4 ACLs match packets based on source IP address, destination IP address, protocolcarried over IP, and other protocol header fields, such as the TCP/UDP source port number, TCP/UDPdestination port number, TCP flag, ICMP message type, and ICMP message code.In addition, advanced IPv4 ACLs allow you to filter packets based on three priority criteria: type ofservice (ToS), IP precedence, and differentiated services codepoint (DSCP) priority.Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with basic IPv4 ACLs, theyallow of more flexible and accurate filtering.Configuration PrerequisitesIf you want to reference a time range in a rule, define it with the time-range command first.Configuration ProcedureFollow these steps to configure an advanced IPv4 ACL:To do… Use the command… RemarksEnter system view system-view ––Create an advancedIPv4 ACL and enter itsviewacl number acl-number [ nameacl-name ] [ match-order { auto |config } ]RequiredThe default match order is config.If you specify a name for an IPv4ACL when creating the ACL, you canuse the acl name acl-namecommand to enter the view of theACL later.