undo rule (UCL view)

Function

The undo rule command deletes a user ACL rule, or individual match conditions of that rule, in the user ACL view.

By default, no user ACL rule has been created.

Format

undo rule rule-id { destination | destination-port | dscp | icmp-type | logging | precedence | source | source-port | time-range | tos | fragment-type | syn-flag | vlan | inner-vlan | source-pool | destination-pool } *

Parameters

Parameter | Description | Value
--- | --- | ---
destination | Matches packets based on destination IP addresses. | -
destination-port | Specifies a destination port. | -
dscp | Matches packets based on the 6-bit DSCP field in an IPv4 packet as defined in standard protocols. | -
icmp-type | Matches ICMP packets based on the ICMP type and message code. | -
precedence | Matches packets based on the high-order 3-bit ToS field in an IP packet as defined in standard protocols. | -
source | Matches packets based on source IP addresses. | -
source-port | Specifies a source port. | -
time-range | Specifies a time range during which an ACL rule takes effect. | -
tos | Matches packets based on the 4-bit ToS field in an IPv4 packet as defined in standard protocols. | -
fragment-type | Matches packets based on the fragment type of the packets. | -
syn-flag | Matches packets based on the SYN flag in TCP packets. | -
vlan | Specifies an outer VLAN ID. | -
inner-vlan | Specifies an inner VLAN ID. | -
source-pool | Specifies a source port pool. | -
destination-pool | Specifies a destination port pool. | -
undo | Cancels the current setting. | -
rule rule-id | Specifies the ID of a user ACL rule. | The value is an integer ranging from 0 to 4294967294.

Views

UCL view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
--- | ---
acl | write

Usage Guidelines

Usage Scenario

To delete an ACL rule in the user ACL view, run the undo rule command.

Prerequisites

A user ACL has been created using the acl command.

A validity period has been configured using the time-range command in the system view if you want the specified user ACL rule to take effect only in a specified period of time.

Configuration Impact

When specifying a user ACL rule ID, note the following:

  • If a rule with a specified rule ID already exists, and the new rule conflicts with the existing one, the conflicting part in the new rule overwrites that in the existing rule.
  • If no rule with the specified rule ID exists, a rule with the specified rule ID is created.

When a user ACL rule ID is not specified and a rule is added, the system automatically allocates an ID to this rule. User ACL rules are arranged in ascending order of rule IDs, with the difference between two adjacent rules being the ACL increment.

The rule numbers automatically generated by the system start from the ACL increment. For example, if the ACL increment is 5, the rule number starts from 5; if the ACL increment is 2, the rule number starts from 2. This allows you to add rules before the first rule.

Exercise caution when you run the rule deny ip command. This configuration may cause a service interruption.

Precautions

If auto is configured when you run the acl command to create an ACL, you cannot specify a rule ID when creating a rule. The system automatically uses the ACL increment as the start rule ID, and the subsequent rules are numbered by an ACL increment in ascending order.

If rule-id is not specified when you run the rule command to create an ACL rule, the system automatically assigns an ID to the rule. You can run the display acl command to check the rule ID automatically assigned to a rule.

If name rule-name is not specified when you run the rule command to create an ACL rule, the system automatically generates a name for the rule in the format "rule" + "_" + rule ID, where the rule ID is the ID specified using the rule-id parameter or assigned automatically by the system. You can check the automatically generated name of an ACL rule through the NMS.

You must specify the rule ID when deleting a rule. To check rule IDs, run the display acl command.

Before deleting an ACL rule, run the display acl command to check whether the ACL rule has been applied to other services. Delete the rule only when it is not applied to other services.
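An added Python model of the rule-ID allocation, overwrite and undo semantics described under Configuration Impact and Precautions (example code, not Huawei's implementation): the ACL increment of 5, the condition values and the sample packet are constructed assumptions. It also shows the check worth making before running undo rule with a match condition: removing a condition from a rule widens what the rule matches, it does not narrow it.

```python
# Added model (not Huawei code) of the rule-ID and undo-rule semantics
# described on this page; the increment of 5 and packets are constructed.
from dataclasses import dataclass, field

MATCH_FIELDS = {"source", "destination", "source-port", "destination-port",
                "dscp", "tos", "precedence", "icmp-type", "fragment-type",
                "syn-flag", "vlan", "inner-vlan", "source-pool",
                "destination-pool", "time-range"}


@dataclass
class UserAcl:
    number: int
    step: int = 5                               # ACL increment (assumed)
    rules: dict = field(default_factory=dict)   # rule-id -> {"action": .., cond..}

    def next_rule_id(self):
        # Automatic IDs start at the increment and each later rule is one
        # increment above the largest existing ID (increment 5 -> 5, 10, ...).
        top = max(self.rules, default=0)
        return (top // self.step + 1) * self.step

    def rule(self, action, rule_id=None, **conditions):
        unknown = set(conditions) - MATCH_FIELDS
        if unknown:
            raise ValueError(f"unknown match field(s): {sorted(unknown)}")
        rid = self.next_rule_id() if rule_id is None else rule_id
        # Same ID as an existing rule: conflicting parts are overwritten,
        # conditions the new rule does not mention are kept.
        self.rules[rid] = {**self.rules.get(rid, {}), "action": action,
                           **conditions}
        return rid

    def undo_rule(self, rule_id, *conditions):
        if rule_id not in self.rules:
            raise KeyError(f"rule {rule_id} does not exist")
        if not conditions:            # undo rule <id>: delete the whole rule
            del self.rules[rule_id]
            return None
        for cond in conditions:       # undo rule <id> source ...: drop those only
            self.rules[rule_id].pop(cond, None)
        return self.rules[rule_id]

    def matches(self, rule_id, packet):
        # Every remaining condition must match; a condition that was removed
        # no longer constrains the rule, so removing one widens its match.
        rule = self.rules[rule_id]
        return all(packet.get(k) == v for k, v in rule.items() if k != "action")
```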

Example

# Create a user ACL numbered 6999, create a user ACL rule that prohibits hosts in any source service group from sending IP packets to hosts in any destination user group, and then delete the source condition of that rule in the user ACL view.
<HUAWEI> system-view
[~HUAWEI] acl number 6999
[*HUAWEI-acl-ucl-6999] rule 1 deny ip source service-group any destination user-group any
[*HUAWEI-acl-ucl-6999] undo rule 1 source
Copyright © Huawei Technologies Co., Ltd.