How Can I Check the Order in Which ACL Rules Take Effect?
Run the display acl { acl-number | name acl-name | all } or display acl ipv6 { acl6-number | name acl6-name | all } command in any view or the display this command in the ACL view to check the order in which ACL rules take effect, as shown in Table 1.
ACL Type |
Order |
|---|---|
ACL in config mode |
The rules with smaller IDs take effect earlier than the rules with larger IDs. |
ACL in auto mode |
The rules with smaller IDs take effect earlier than the rules with larger IDs. |
ACL6 in config mode |
The rules with smaller IDs take effect earlier than the rules with larger IDs. |
ACL6 in auto mode |
The rules in front lines take effect earlier than the rules in latter lines. The rules may not be arranged in the ascending order of rule IDs. |
When multiple traffic policies using ACLs are applied to a device, if a packet matches the ACL rules in different traffic policies, the matching order of the ACL rules depends on the processing mechanism of the traffic policy module. For details, see Configuration Guide - QoS of the corresponding product version.