Operation Manual – ACLH3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration1-91.6 Defining Advanced ACLsAdvanced ACLs define classification rules according to the source and destination IPaddresses of packets, the type of protocol over IP, and protocol-specific features suchas TCP/UDP source and destination ports, ICMP protocol type, code, and so on.The value range for advanced ACL numbers is 3,000 to 3,999. Note that ACL 3998 andACL 3999 cannot be configured because they are reserved for the clustermanagement.Advanced ACLs support analysis and processing of three packet priority levels: type ofservice (ToS) priority, IP priority and differentiated services codepoint Priority (DSCP).Using advanced ACLs, you can define classification rules that are more accurate,abundant, and flexible than those defined with basic ACLs.1.6.1 Configuration PrerequisitesBefore configuring an ACL rule containing time range arguments, you need to definethe corresponding time ranges. For the configuration of time ranges, refer toConfiguring Time Ranges.The values of source and destination IP addresses, the type of the protocols over IP,and protocol-specific features in the rule have been defined.1.6.2 Configuration ProcedureTable 1-5 Define an advanced ACL ruleTo do... Use the command... RemarksEnter system view system-view —Create or enteradvanced ACL viewacl { number acl-number |name acl-name [ advanced |basic | link | user ] }[ match-order { config |auto } ]RequiredBy the default, the matchorder is config.Define an rule rule [ rule-id ] { permit | deny }rule-string RequiredDisplay ACLinformationdisplay acl config { all |acl-number | acl-name }OptionalThis command can beexecuted in any view.rule-string: rule information, which can be combination of the parameters described inTable 1-6. You must configure the protocol argument in the rule information before youcan configure other arguments.