Operation Manual – QoS/ACLH3C S9500 Series Routing Switches Chapter 1 ACL Configuration1-9Note:z If the time-range keyword is not selected, the ACL will be effective at any time afterbeing activated.z You can define multiple sub rules for the ACL by using the rule command severaltimes.z When the QoS/ACL action is configured under the port, if the QoS/ACL is appliedwithout sub rules, the QoS/ACL is matched as per the matching order defined in theACL rule; if applied with specific sub rules, the QoS/ACL is matched as per thesequence applied under the port.z By default, ACL rules are matched in config order.z If you want to replace an existing rule, you are recommended to use the undocommand to delete the original rule first and then reconfigure the rule.I. Defining basic ACLBasic ACLs only make rules and process packets according to the source IPaddresses.Perform the following configurations in the specified views.Table 1-9 Define basic ACLOperation CommandEnter basic ACL view(system view)acl { number acl-number | name acl-name basic }[ match-order { config | auto } ]Define an ACL rule(basic ACL view)rule [ rule-id ] { permit | deny } [ source { source-addrwildcard | any } | fragment | time-range name |vpn-instance instance-name ]*Delete an ACL rule(basic ACL view)undo rule rule-id [ source | fragment | time-range |vpn-instance instance-name ]*Delete an ACL or allACLs (system view) undo acl { number acl-number | name acl-name | all }II. Defining advanced ACLAdvanced ACLs define classification rules and process packets according to theattributes of the packets such as source and destination IP addresses, TCP/UDP portsused, and packet priority. ACLs support three types of priority schemes: ToS (type ofservice) priority, IP priority and DSCP priority.Perform the following configurations in the specified view.
