Operation Manual – ACL
H3C S5500-SI Series Ethernet Switches
Chapter 2 IPv4 ACL Configuration

To do…                                              Use the command…                                         Remarks
Enter system view                                   system-view                                              ––
Create and enter an Ethernet frame header ACL view  acl number acl-number [ match-order { config | auto } ]  Required. The default match order is config.
Create or modify a rule                             rule [ rule-id ] { permit | deny } [ rule-string ]       Required. To create multiple rules, repeat this step.
Set a rule numbering step                           step step-value                                          Optional. The default step is 5.
Create an ACL description                           description text                                         Optional
Create a rule description                           rule rule-id comment text                                Optional

When configuring a rule, note that:

- You will fail to create or modify a rule if its permit/deny statement is exactly the same as that of another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
- When defining ACL rules, you do not need to assign them IDs. The system can automatically assign rule IDs, starting with 0 and increasing by the rule numbering step. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
- A newly defined rule cannot be identical to any existing rule; otherwise the rule cannot be created (the system will prompt that the rule already exists).
- Rules created with the auto keyword specified are sorted according to the "depth first" principle, regardless of the order in which they are created. However, the ID of each rule does not change.

Caution:

- You can modify the match order of an ACL with the acl number acl-number match-order { auto | config } command, but only when the ACL does not contain any rules.
- You can use the rule comment command only for existing ACL rules.

2.4.3 Configuration Example

# Create IPv4 ACL 4000 to deny frames with the 802.1p priority of 3.