Configuring an MPLS-based ACL Rule

MPLS-based ACL rules filter MPLS packets based on the packets' EXP, label, or TTL values.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run acl { name mpls-acl-name { mpls | [ mpls ] number mpls-acl-number } | [ number ] mpls-acl-number }

    The MPLS-based ACL view is displayed.

  3. Run rule [ rule-id ] [ name rule-name ] { permit | deny } [ [ exp { exp-value | any } &<1-4> ] | [ label { label-value | any } &<1-4> ] | [ ttl { { lt | eq | gt } ttlBegin | range ttlBegin ttlEnd | any } &<1-3> ] ] *

    Rules are configured for the MPLS-based ACL.

    • Adding new rules to an ACL will not affect the existing rules.

    • If an existing rule is edited and the edited content conflicts with the original one, the edited content takes effect.

    When you configure a rule for an MPLS-based ACL:
    • If exp, label, and ttl are each configured with a specific value, the system filters only the packets that carry the specified EXP, label, and TTL values.
    • If any is configured for EXP, label, and TTL alike, the system does not check these values in MPLS packets. It considers that all packets match the rule and directly applies the rule's action (deny or permit) to them.

  4. (Optional) Run rule rule-id description destext

    A description is configured for an ACL rule.

    The description of an ACL rule can state what the rule is used for. Configuring a description for an ACL rule is recommended to prevent misuse of the rule in the following situations:
    • A large number of ACLs are configured, and their functions are difficult to identify.
    • An ACL is used only at long intervals, and its function may be forgotten.

  5. Run commit

    The configuration is committed.
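
The matching behavior described in step 3, as an added offline model for checking what a planned rule would match before it is committed (example code, not Huawei's implementation). It evaluates one rule with at most one value per field against a single label stack entry decoded with the RFC 3032 layout; the names MplsRule, evaluate, and SAMPLE_LSE are hypothetical, and treating range as inclusive at both ends is an assumption.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = None  # models the `any` keyword: the field is not checked

# Constructed sample: label 1000, EXP 5, bottom-of-stack 1, TTL 1.
SAMPLE_LSE = bytes.fromhex("003e8b01")

def decode_lse(raw: bytes) -> dict:
    """Decode one 4-byte MPLS label stack entry (RFC 3032 bit layout)."""
    if len(raw) != 4:
        raise ValueError("a label stack entry is exactly 4 bytes")
    (word,) = struct.unpack("!I", raw)
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "bos": (word >> 8) & 0x1, "ttl": word & 0xFF}

def ttl_matches(cond: Optional[Tuple], ttl: int) -> bool:
    """cond is ANY or (op, ttlBegin[, ttlEnd]) with op in lt/eq/gt/range."""
    if cond is ANY:
        return True
    op, begin, *rest = cond
    if op == "lt":
        return ttl < begin
    if op == "eq":
        return ttl == begin
    if op == "gt":
        return ttl > begin
    if op == "range" and rest:
        return begin <= ttl <= rest[0]  # assumption: both ends inclusive
    raise ValueError(f"unsupported ttl condition: {cond!r}")

@dataclass
class MplsRule:
    action: str                   # "permit" or "deny"
    exp: Optional[int] = ANY
    label: Optional[int] = ANY
    ttl: Optional[Tuple] = ANY

    def matches(self, lse: dict) -> bool:
        # Every specified field must agree; a field left as ANY is skipped.
        return ((self.exp is ANY or lse["exp"] == self.exp)
                and (self.label is ANY or lse["label"] == self.label)
                and ttl_matches(self.ttl, lse["ttl"]))

def evaluate(rule: MplsRule, raw: bytes) -> Optional[str]:
    """Return the rule's action on a match, or None if the rule does not apply."""
    return rule.action if rule.matches(decode_lse(raw)) else None
```

A rule built as MplsRule("permit") with every field left as ANY matches any entry, which is the all-any case the procedure describes.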

Copyright © Huawei Technologies Co., Ltd.