Operation Manual – ACLH3C S5500-SI Series Ethernet Switches Chapter 2 IPv4 ACL Configuration2-4z Rules created with the auto keyword specified are sorted according to the “depthfirst” principle regardless of the order they are created. However, the ID of eachrule does not change.Caution:z You can modify the match order of an ACL with the acl number acl-numbermatch-order { auto | config } command but only when it does not contain any rules.z You can use the rule comment command only for existing ACL rules.2.2.3 Configuration Example# Create IPv4 ACL 2000 to deny the packets with the source address 1.1.1.1 to pass. system-view[Sysname] acl number 2000[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0# Verify the configuration.[Sysname-acl-basic-2000] display acl 2000Basic ACL 2000, 1 rule,ACL's step is 5rule 0 deny source 1.1.1.1 0 (0 times matched)2.3 Configuring an Advanced IPv4 ACLAdvanced IPv4 ACLs filter packets based on source IP address, destination IP address,upper protocol carried on IP, and other protocol header fields, such as the TCP/UDPsource port, TCP/UDP destination port, ICMP message type, and ICMP messagecode.In addition, advanced ACLs allow you to filter packets based on three priority criteria:type of service (ToS), IP precedence, and differentiated services codepoint (DSCP)priority.Advanced ACLs are numbered in the range 3000 to 3999. Compared to basic ACLs,they allow of more flexible and accurate filtering.