< Home

acl (system view)

Function

The acl command creates an ACL with the specified number and enters the ACL view.

The undo acl command deletes a specified ACL.

By default, no ACL is created.

Format

acl [ number ] acl-number [ match-order { auto | config } ]

undo acl { [ number ] acl-number | all }

Parameters

Parameter

Description

Value

number

Specifies the number that identifies an ACL.

-

acl-number

Specifies the number of an ACL.

The value is an integer.

  • The number of a basic ACL ranges from 2000 to 2999.
  • The number of an advanced ACL ranges from 3000 to 3999.
  • The number of a Layer 2 ACL ranges from 4000 to 4999.
  • The number of a user defined ACL ranges from 5000 to 5999.
  • The number of a user ACL ranges from 6000 to 9999.

match-order { auto | config }
Indicates the matching order of ACL rules.
  • auto: indicates that ACL rules are matched based on the depth first principle.

    If the ACL rules are of the same depth first order, they are matched in ascending order of rule IDs.

  • config: indicates that ACL rules are matched based on the configuration order.

    The ACL rules are matched based on the configuration order only when the rule ID is not specified. If rule IDs are specified, the ACL rules are matched in ascending order of rule IDs.

If the match-order parameter is not specified when you create an ACL, the default match order config is used.

-

all

Indicates that all ACLs are deleted.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An ACL consists of a series of rules defined by multiple permit or deny clauses. ACLs are mainly applied to QoS, route filtering, and user access. The major functions of ACLs are as follows:

  • Limit data flows to improve network performance. For example, ACLs are configured on an enterprise network to limit video data flows, which lowers the network load and improves network performance.

  • Provide flow control. For example, ACLs are used to limit transmission of routing updates so that the bandwidth is saved.

  • Provide network access security. For example, ACLs are configured to allow specified users to access the human resource network.

Follow-up Procedure

Run the rule command to configure ACL rules and apply the ACL to services for which packets need to be filtered.

Precautions

  • After you create an ACL using the acl command, the ACL still exists even if you exit from the ACL view. You must run the undo acl acl-number command to delete the ACL.
  • When you delete an ACL that has been referenced by other services, the services may be interrupted. Before deleting an ACL, ensure that the ACL is not in use.
  • You are advised not to delete all ACLs because this operation may cause a service interruption.

Example

# Create an ACL numbered 2000.

<HUAWEI> system-view
[HUAWEI] acl number 2000
Parent Topic: ACL Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >