Q: MA5200G VRP3.30-23xx is configured with ACL, and it prompts "Error: Simple acl must has the same match-order as traffic policy". How to troubleshoot it?
A: traffic policy and ACL have both auto and config matching orders (according to configuration order by default). Both have an important principle: the bound ACL must have the same matching order with traffic policy, or the binding fails(it must be noted in configuration).
If the bound acl and traffic policy have different sequencing, it prompts as follows:
Error: Simple acl must has the same match-order as traffic policy
(Error:Simple ACL must have the same match-oder as the policy does)
acl number 10001
rule id 5 icmp source ip-address 100.X.X.X 0.0.0.255 destination ip-address 200.X.X.X 0.0.0.255
traffic classifier c1
if-match acl 10001
traffic behavior b1
traffic policy w1
classifier c1 behavior inbound b1 precedence 0
Here, both ACL 10001 and traffic policy w1 must have the same matching order.
Note: How to check the matching order of acl and traffic policy:
1. Check the configuration file
acl number 10001 //matching according to configuration order by default
acl number 10002 match-order auto //auto-sequencing
traffic policy w1 //matching according to configuration order by default
traffic policy w2 auto //auto-sequencing
2. The matching order of ACL could be checked through command. traffic policy could only be checked through configuration.
[Quidway]display acl 10000
Simple ACL 10000, 1 rule //sequencing according to configuration order by default
[Quidway]display acl 10001
Simple ACL 10001, 1 rule, match-order is auto //auto-sequencing