2-7Note that:z You can only modify the existing rules of an ACL that uses the match order of config. Whenmodifying a rule of such an ACL, you may choose to change just some of the settings, in whichcase the other settings remain the same.z You cannot create a rule with, or modify a rule to have, the same permit/deny statement as anexisting rule in the ACL.z When the ACL match order is auto, a newly created rule will be inserted among the existing rules inthe depth-first match order. Note that the IDs of the rules still remain the same.z You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]match-order { auto | config } command, but only when the ACL does not contain any rules.z The rule specified in the rule comment command must already exist.Configuration Example# Configure ACL 4000 to deny frames with the 802.1p priority of 3. system-view[Sysname] acl number 4000[Sysname-acl-ethernetframe-4000] rule deny cos 3# Verify the configuration.[Sysname-acl-ethernetframe-4000] display acl 4000Ethernet frame ACL 4000, named -none-, 1 rule,ACL's step is 5rule 0 deny cos excellent-effort(5 times matched)Copying an IPv4 ACLThis feature allows you to copy an existing IPv4 ACL to generate a new one, which is of the same typeand has the same match order, rules, rule numbering step and descriptions as the source IPv4 ACL.Configuration PrerequisitesMake sure that the source IPv4 ACL exists while the destination IPv4 ACL does not.Configuration ProcedureFollow these steps to copy an IPv4 ACL:To do… Use the command… RemarksEnter system view system-view —Copy an existing IPv4 ACL togenerate a new one of thesame typeacl copy { source-acl-number | namesource-acl-name } to { dest-acl-number| name dest-acl-name }Required