Configuring an IPv4 advanced ACL

IPv4 advanced ACLs match packets based on source IPv4 addresses, destination IPv4 addresses, packet priorities, protocols over IP, and other protocol header information, such as TCP/UDP source and destination port numbers, TCP flags, ICMP message types, and ICMP message codes.

Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.

To configure an IPv4 advanced ACL:

Each step lists the command and its remarks.

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create an IPv4 advanced ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. IPv4 advanced ACLs are numbered in the range of 3000 to 3999. You can use the acl name acl-name command to enter the view of a named ACL.

3. Configure a description for the IPv4 advanced ACL.
   Command: description text
   Remarks: Optional. By default, an IPv4 advanced ACL has no ACL description.

4. Set the rule numbering step.
   Command: step step-value
   Remarks: Optional. The default setting is 5.

5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | source { source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
   Remarks: By default, an IPv4 advanced ACL does not include any rule. Support for the counting keyword depends on the device model. The logging keyword takes effect only when the module using the ACL supports logging.

6. Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: Optional. By default, no rule comments are configured.

7. Add or edit a rule range remark.
   Command: rule [ rule-id ] remark text
   Remarks: Optional. By default, no rule range remarks are configured.
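The steps above carried through as a complete session, as an added example that is not part of the original page: an IPv4 advanced ACL that drops non-initial fragments, permits SSH only from a constructed management subnet, allows return traffic of established TCP sessions, and logs everything else. The ACL number, name, rule IDs, the 10.0.100.0/24 subnet and the Sysname prompt are assumed values; the eq port operator is a standard Comware operator that the table abbreviates as "operator".

```text
# Added example, not from the page; addresses, names and IDs are assumed.
<Sysname> system-view
[Sysname] acl number 3000 name mgmt-in match-order config
[Sysname-acl-adv-3000] description Restrict management-plane access
[Sysname-acl-adv-3000] step 10
# With match-order config, rules are tried in rule-ID order, so the
# fragment rule goes first: non-initial fragments carry no TCP header
# and must not slip past the port-based rules below.
[Sysname-acl-adv-3000] rule 10 deny ip fragment logging
[Sysname-acl-adv-3000] rule 10 comment Drop non-initial fragments
# SSH only from the (constructed) management subnet; counting keeps
# hit statistics where the device model supports it.
[Sysname-acl-adv-3000] rule 20 permit tcp source 10.0.100.0 0.0.0.255 destination any destination-port eq 22 counting
[Sysname-acl-adv-3000] rule 20 comment SSH from management subnet only
# Return traffic of sessions the device itself initiated.
[Sysname-acl-adv-3000] rule 30 permit tcp established
# Explicit catch-all deny with logging so blocked attempts are visible.
[Sysname-acl-adv-3000] rule 40 deny ip logging
[Sysname-acl-adv-3000] rule 40 remark Default deny for mgmt-in
[Sysname-acl-adv-3000] quit
```

The ACL filters nothing until it is applied by a module (for example packet filtering on an interface), and logging only produces output where that module supports it, as the table notes.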