2-3To do… Use the command… RemarksConfigure a description for thebasic IPv4 ACL description textOptionalBy default, a basic IPv4 ACLhas no ACL description.Configure a rule description rule rule-id comment textOptionalBy default, an IPv4 ACL rulehas no rule description.Note that:z You can only modify the existing rules of an ACL that uses the match order of config. Whenmodifying a rule of such an ACL, you may choose to change just some of the settings, in whichcase the other settings remain the same.z You cannot create a rule with, or modify a rule to have, the same permit/deny statement as anexisting rule in the ACL.z When the ACL match order is auto, a newly created rule will be inserted among the existing rulesin the depth-first match order. Note that the IDs of the rules still remain the same.z You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]match-order { auto | config } command, but only when the ACL does not contain any rules.z The rule specified in the rule comment command must already exist.Configuring an Advanced IPv4 ACLAdvanced IPv4 ACLs match packets based on source IP address, destination IP address, protocolcarried over IP, and other protocol header fields, such as the TCP/UDP source port number, TCP/UDPdestination port number, TCP flag, ICMP message type, and ICMP message code.In addition, advanced IPv4 ACLs allow you to filter packets based on three priority criteria: type ofservice (ToS), IP precedence, and differentiated services codepoint (DSCP) priority.Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with basic IPv4 ACLs, theyallow of more flexible and accurate filtering.Configuration PrerequisitesIf you want to reference a time range in a rule, define it with the time-range command first.Configuration ProcedureFollow these steps to configure an advanced IPv4 ACL: