acl number

Function

The acl number command creates an ACL and displays the ACL view. If an ACL already exists, this command directly displays the ACL view.

The undo acl number command deletes a created ACL.

By default, no ACL has been created.

Format

acl [ number ] basic-acl-number [ match-order { config | auto } ]

acl [ number ] interface-based-acl-number [ match-order { config | auto } ]

acl [ number ] advance-acl-number [ match-order { config | auto } ]

acl [ number ] link-acl-number [ match-order { config | auto } ]

acl [ number ] mpls-acl-number

acl [ number ] ucl-acl-number [ match-order { auto | config } ]

undo acl [ number ] basic-acl-number

undo acl [ number ] interface-based-acl-number

undo acl [ number ] advance-acl-number

undo acl [ number ] link-acl-number

undo acl [ number ] mpls-acl-number

undo acl all

undo acl [ number ] ucl-acl-number

Parameters

Parameter	Description	Value
basic-acl-number	Creates a basic ACL with a number.	The value is an integer ranging from 2000 to 2999.
match-order	Indicates the order in which ACL rules are matched.	-
config	Indicates the configuration order, meaning that ACL rules are matched in the order they are configured. This mechanism applies only when rule numbers are not specified. If rule numbers are specified, the ACL rules are matched based on the numbers in ascending order.	-
auto	Indicates the automatic order, meaning that ACL rules are matched based on the depth-first principle. The depth-first principle matches ACL rules based on how precise the rules are. The more matching criteria an ACL rule contains, the more precise the rule is.If two rules have the same precision, they are matched in the order they are configured.	-
interface-based-acl-number	Creates an interface ACL with a number.	The value is an integer ranging from 1000 to 1999.
advance-acl-number	Creates an advanced ACL with a number.	The value is an integer ranging from 3000 to 3999.
link-acl-number	Creates a Layer 2 ACL with a number.	The value is an integer ranging from 4000 to 4999.
mpls-acl-number	Creates an MPLS-based ACL with a number.	The value is an integer ranging from 10000 to 10999.
ucl-acl-number	Creates a user ACL with a number.	The value is an integer ranging from 6000 to 9999.
all	All the ACLs.	-

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
acl	write

Usage Guidelines

Usage Scenario

This command is used to create an ACL with a specified number and display the ACL view. If the ACL to be created already exists, this command directly displays the ACL view.

Configuration Impact

The undo acl all command deletes all types of ACLs on a device. If the ACLs being deleted are applied to services, these services are interrupted. Before deleting an ACL, ensure that the ACL is not referenced by services.

Follow-up Procedure

Run the rule command to configure a rule for a created ACL. Then the ACL rule can be applied to match packets.

Run the description command to configure a description for a created user ACL. The description can contain the functions of the user ACL, facilitating applications.

Example

# Create an interface ACL numbered 1999.

<HUAWEI> system-view
[~HUAWEI] acl number 1999

# Create a Layer 2 ACL numbered 4999.

<HUAWEI> system-view
[~HUAWEI] acl number 4999

# Create an advanced ACL numbered 3999.

<HUAWEI> system-view
[~HUAWEI] acl number 3999

# Create a basic ACL numbered 2999.

<HUAWEI> system-view
[~HUAWEI] acl number 2999

# Create an MPLS-based ACL numbered 10999.

<HUAWEI> system-view
[~HUAWEI] acl number 10999

# Create a user ACL numbered 6999.

<HUAWEI> system-view
[~HUAWEI] acl number 6999