Operation Manual – ACL
H3C S7500 Series Ethernet Switches
Chapter 1 ACL Configuration

When you specify the rule ID by using the rule command, note that:

- If the ACL is created with the config keyword specified and the rule identified by the rule-id argument exists, the settings specified in the rule command overwrite the counterparts of the existing rule (other settings of the rule remain unchanged). If the ACL is created with the auto keyword specified, the rules of the ACL cannot be edited. In this case, the system prompts an error when you execute the rule command.
- If the rule corresponding to the specified rule ID does not exist, you create and define a new rule.
- The content of a modified or newly created rule must not be identical to the content of any existing rule; otherwise the rule modification or creation fails, and the system prompts that the rule already exists.

If you do not specify a rule ID, you create and define a new rule, and the system assigns an ID to the rule automatically.

Note:
Only LPUs other than Type A support the user-defined ACL.

1.8.3 Configuration Example

# Configure ACL 5001 to deny all TCP packets.
system-view
[H3C] time-range t1 18:00 to 23:00 sat
[H3C] acl number 5001
[H3C-acl-user-5001] rule 25 deny 06 ff 27 time-range t1
[H3C-acl-user-5001] display acl config 5001
User defined ACL 5001, 1 rule
rule 25 deny 06 ff 27 time-range t1 (0 times matched) (Inactive)

1.9 Applying ACLs on Ports

By applying ACLs on ports, you can filter certain packets.

1.9.1 Configuration Preparation

You need to define an ACL before applying it on a port. For operations to define ACLs, refer to Defining Basic ACLs, Defining Advanced ACLs, Defining Layer 2 ACLs, and Defining User-Defined ACLs.
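
The following Python sketch is an added example, not part of the H3C manual. It models how the rule from 1.8.3 (rule 25 deny 06 ff 27 time-range t1) would be evaluated, to help check a rule string, mask and offset before applying the ACL on a port. Assumptions: the offset is counted in bytes from the start of the frame with an 802.1Q tag present (which places the IPv4 protocol field at byte 27), t1 is active from 18:00 up to 23:00 on Saturdays, and all function names and sample frames are constructed for illustration.

```python
from datetime import datetime, time

# rule 25 deny 06 ff 27 time-range t1  (rule-string, rule-mask, offset)
RULE = {"id": 25, "action": "deny", "value": bytes.fromhex("06"),
        "mask": bytes.fromhex("ff"), "offset": 27}
# time-range t1 18:00 to 23:00 sat  (datetime.weekday(): Monday=0, Saturday=5)
T1 = {"start": time(18, 0), "end": time(23, 0), "weekdays": {5}}


def in_time_range(tr, now):
    """True while the time range is active (end bound treated as exclusive: assumption)."""
    return now.weekday() in tr["weekdays"] and tr["start"] <= now.time() < tr["end"]


def rule_matches(rule, frame):
    """AND the frame bytes at the offset with the mask and compare to the masked value."""
    n = len(rule["value"])
    window = frame[rule["offset"]:rule["offset"] + n]
    if len(window) < n:          # frame too short to contain the field
        return False
    return all((b & m) == (v & m)
               for b, v, m in zip(window, rule["value"], rule["mask"]))


def build_ipv4_frame(proto, tagged=True):
    """Constructed sample frame: Ethernet II (+ optional 802.1Q tag) + 20-byte IPv4 header."""
    eth = bytes(12)                                   # dst MAC + src MAC (zeros)
    if tagged:
        eth += bytes.fromhex("81000001")              # TPID 0x8100, VLAN 1
    eth += bytes.fromhex("0800")                      # EtherType IPv4
    ip = bytearray(20)
    ip[0] = 0x45                                      # version 4, IHL 5
    ip[9] = proto                                     # protocol: 6 = TCP, 17 = UDP
    return eth + bytes(ip)


def verdict(rule, tr, frame, now):
    """'inactive' outside the time range, else the rule action or 'no-match'."""
    if not in_time_range(tr, now):
        return "inactive"
    return rule["action"] if rule_matches(rule, frame) else "no-match"


if __name__ == "__main__":
    sat_evening = datetime(2024, 1, 6, 19, 0)         # a Saturday
    for proto in (6, 17):
        print(proto, verdict(RULE, T1, build_ipv4_frame(proto), sat_evening))
    # Same TCP packet laid out without a tag: byte 27 is no longer the protocol field.
    print("untagged", rule_matches(RULE, build_ipv4_frame(6, tagged=False)))
```

Outside the t1 window the model returns "inactive", which corresponds to the (Inactive) state shown in the display acl config output above.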