acl name (user ACL)

Function

The acl name command creates a user ACL and displays the ACL view. If a user ACL already exists, this command directly displays the ACL view.

The undo acl name command deletes a created user ACL.

By default, no user ACL has been created.

Format

acl name ucl-acl-name ucl [ match-order { auto | config } ]

acl name ucl-acl-name [ ucl ] number ucl-acl-number [ match-order { auto | config } ]

Parameters

Parameter Description Value
ucl

Creates a user ACL with a keyword.

-
match-order

Indicates the order in which user ACL rules are matched.

-
auto

Indicates the automatic order, meaning that ACL rules are matched based on the depth-first principle.

  • The depth-first principle matches ACL rules based on how precise the rules are. The more matching criteria an ACL rule contains, the more precise the rule is.
  • If two rules have the same precision, they are matched in the order they are configured.

-
config

ndicates the configuration order, meaning that ACL rules are matched in the order they are configured.

This mechanism applies only when rule numbers are not specified. If rule numbers are specified, the ACL rules are matched based on the numbers in ascending order.

-
name ucl-acl-name

Creates a user ACL with a name.

The value is a string of 1 to 64 case-sensitive characters, spaces not supported.
number ucl-acl-number

Creates a UCL ACL with a name.

The value is an integer ranging from 6000 to 9999.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
acl write

Usage Guidelines

Usage Scenario

Packets can be matched based on the source/destination IP address, source/destination service group, source/destination user group, source/destination port number, and protocol type. To create a user ACL, run the acl command.

Configuration Impact

The undo acl all command deletes all types of ACLs on a device. If the ACLs being deleted are applied to services, these services are interrupted. Before deleting an ACL, ensure that the ACL is not referenced by services.

Follow-up Procedure

Run the rule command to configure a rule for a created user ACL. Then the ACL rule can be applied to match packets.

Run the description command to configure a description for a created user ACL. The description can contain the functions of the user ACL, facilitating applications.

Example

# Create a user-defined ACL named ucl-acl.
<HUAWEI> system-view
[~HUAWEI] acl name ucl-acl ucl
Parent Topic: ACL Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >