11
ACL rule numbering
ACL rule numbering step
If you do not assign an ID for the rule you are creating, the system automatically assigns
it a rule ID. The rule numbering step sets the increment by which the system
automatically numbers rules. For example, the default ACL rule numbering step is 5. If
you do not assign IDs to rules you are creating, they are numbered 0, 5, 10, 15, and so on.
The wider the numbering step, the more rules you can insert between two rules.
By introducing a gap between rules rather than contiguously numbering rules, you have
the flexibility of inserting rules in an ACL. This feature is important for a config order ACL,
where ACL rules are matched in ascending order of rule ID.
Automatic rule numbering and re-numbering
The ID automatically assigned to an ACL rule takes the nearest higher multiple of the
numbering step to the current highest rule ID, starting with 0.
For example, if the numbering step is 5 (the default), and there are five ACL rules
numbered 0, 5, 9, 10, and 12, the newly defined rule is numbered 15. If the ACL does not
contain any rule, the first rule is numbered 0.
Whenever the step changes, the rules are renumbered, starting from 0. For example, if
there are five rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes
the rules to be renumbered 0, 2, 4, 6 and 8.
Implementing time-based ACL rules
You can implement ACL rules based on the time of day by applying a time range to
them. A time-based ACL rule takes effect only in any time periods specified by the time
range.
Two basic types of time range are available:
Periodic time range, which recurs periodically on a day or days of the week.
Absolute time range, which represents only a period of time and does not recur.
You may apply a time range to ACL rules before or after you create it. However, the
rules using the time range can take effect only after you define the time range.