Copying an acl, Applying an acl for packet filtering, R to – H3C Technologies H3C S5120 Series Switches User Manual

Page 535


- You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
- You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
- When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the depth-first match order. Note that the IDs of the rules still remain the same.
- You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when the ACL does not contain any rules.
- The rule specified in the rule comment command must already exist.

Copying an ACL

You can create an ACL by copying an existing ACL. The new ACL has the same properties and content as the source ACL except the ACL number and name.

To copy an ACL successfully, ensure that:

- The destination ACL number is from the same category as the source ACL number.
- The source ACL already exists but the destination ACL does not.

Copying an ACL

Follow these steps to copy an ACL:

To do…                                     Use the command…                                        Remarks
Enter system view                          system-view
Copy an existing ACL to create a new ACL   acl copy { source-acl-number | name source-acl-name }   Required
                                           to { dest-acl-number | name dest-acl-name }
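
A pre-change check for the two acl copy conditions listed above, as an added example that is not part of the H3C manual. The category number ranges, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumed ACL number ranges per category; they are not stated on this page,
# so confirm them against the ACL overview for your software release.
CATEGORIES = {
    "basic": range(2000, 3000),
    "advanced": range(3000, 4000),
    "ethernet-frame-header": range(4000, 5000),
}
ACL_LINE = re.compile(r"^acl number (\d+)(?: name (\S+))?", re.M)

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
acl number 2001 name mgmt-hosts
 rule 0 permit source 192.0.2.0 0.0.0.255
acl number 3000 match-order auto
 rule 5 deny tcp destination-port eq 23
"""

def category(number):
    """Return the category label for an ACL number, or None if unknown."""
    return next((c for c, r in CATEGORIES.items() if number in r), None)

def parse_acls(config_text):
    """Return {acl_number: name_or_None} for every ACL defined in the text."""
    return {int(n): name or None for n, name in ACL_LINE.findall(config_text)}

def check_acl_copy(config_text, source, dest):
    """List the reasons 'acl copy source to dest' would be rejected.

    source and dest are ACL numbers (int) or ACL names (str).
    An empty list means both preconditions from the manual hold.
    """
    acls = parse_acls(config_text)
    by_name = {name: num for num, name in acls.items() if name}
    src = source if isinstance(source, int) else by_name.get(source)
    problems = []
    if src not in acls:
        problems.append(f"source ACL {source!r} does not exist")
        src = None
    if isinstance(dest, int):
        if dest in acls:
            problems.append(f"destination ACL {dest} already exists")
        if src is not None and category(dest) != category(src):
            problems.append(f"ACL {dest} is not in the same category as ACL {src}")
    elif dest in by_name:
        # A name-only destination has no number to compare, so only existence is checked.
        problems.append(f"destination ACL {dest!r} already exists")
    return problems
```

Run it against a saved copy of the current configuration before issuing acl copy; a non-empty result names the condition that is not met.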

Applying an ACL for Packet Filtering

You can apply an ACL to the inbound direction of an Ethernet interface or VLAN interface to filter received packets such as Ethernet frames and IPv4 packets.

ACLs on VLAN interfaces filter only packets forwarded at Layer 3.
