The acl name command creates an advanced ACL and displays the ACL view. If the advanced ACL already exists, this command directly displays the ACL view.
The undo acl name command deletes a created advanced ACL.
By default, no advanced ACL is created.
Parameter | Description | Value |
---|---|---|
advance | Creates an advanced ACL with a keyword. | - |
match-order | Indicates the order in which advanced ACL rules are matched. | - |
config | Indicates the configuration order, meaning that ACL rules are matched in the order they are configured. This mechanism applies only when rule numbers are not specified. If rule numbers are specified, the ACL rules are matched based on the numbers in ascending order. | - |
auto | Indicates the automatic order, meaning that ACL rules are matched based on the depth-first principle. | - |
name advance-acl-name | Creates an advanced ACL with a name. | The value is a string of 1 to 64 case-sensitive characters, spaces not supported. The name must start with a letter or digit, and cannot contain only digits. |
number advance-acl-number | Creates an advanced ACL with a number. | The value is an integer ranging from 3000 to 3999. |
Usage Scenario
Advanced ACLs match packets based on the source IP address, destination IP address, IP protocol type, and protocol-specific configurations (for example, source and destination TCP ports and ICMP protocol type and code) of the packets. To create an advanced ACL, run the acl command.
Configuration Impact
The undo acl all command deletes all types of ACLs on a device. If the ACLs being deleted are applied to services, these services are interrupted. Before deleting an ACL, ensure that the ACL is not referenced by services.
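The following pre-change check is an added example, not part of the original command reference: it validates an ACL name and number against the Value column above and scans a saved configuration for lines that still reference an ACL before it is deleted. The sample configuration is constructed, and the referencing commands in it (if-match, traffic-filter) as well as the function names are assumptions for illustration.

```python
import re

# Constructed sample of a saved configuration (not from the original page).
# The definition lines are assembled from the parameters in the table; the
# referencing commands (if-match, traffic-filter) are assumptions.
SAMPLE_CONFIG = """\
acl name web-filter advance number 3001 match-order config
 description Permit HTTPS to the DMZ
 rule 5 permit tcp destination-port eq 443
acl name legacy advance number 3002
 rule 5 deny ip
traffic classifier c1
 if-match acl name web-filter
interface GigabitEthernet0/0/1
 traffic-filter inbound acl 3001
"""

# Matches an advanced ACL definition line and captures its name and number.
DEF_RE = re.compile(r"^acl\s+name\s+(\S+)\s+advance(?:\s+number\s+(\d+))?")

def valid_acl_name(name):
    """1 to 64 characters, no spaces, starts with a letter or digit, not digits only."""
    return bool(re.fullmatch(r"[A-Za-z0-9]\S{0,63}", name)) and not name.isdigit()

def valid_acl_number(number):
    """Advanced ACL numbers range from 3000 to 3999."""
    return 3000 <= number <= 3999

def find_references(config, name):
    """Return (line_no, text) for non-definition lines that reference the ACL
    by its case-sensitive name or by the number bound to that name."""
    lines = config.splitlines()
    number = None
    for line in lines:
        m = DEF_RE.match(line)
        if m and m.group(1) == name:
            number = m.group(2)
    patterns = [re.compile(r"\bacl\s+name\s+" + re.escape(name) + r"(?!\S)")]
    if number:
        patterns.append(re.compile(r"\bacl\s+(?:number\s+)?" + number + r"(?!\S)"))
    hits = []
    for no, line in enumerate(lines, 1):
        if DEF_RE.match(line):
            continue  # skip the ACL definitions themselves
        if any(p.search(line) for p in patterns):
            hits.append((no, line.strip()))
    return hits
```

An empty result from find_references means no line in the scanned text references the ACL; it is a text heuristic and does not replace checking the running device.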
Follow-up Procedure
Run the rule command to configure a rule for a created advanced ACL. Then the ACL rule can be applied to match packets.
Run the description command to configure a description for a created advanced ACL. The description can state the functions of the advanced ACL, which makes the ACL easier to identify when it is applied.