Applicable Products and Versions:
Failure to Create a Traffic Policy with a User-Defined ACL.
A traffic policy with a user-defined ACL cannot be created.
[HUAWEI] acl number 5000 //Configure a user-defined ACL.
[HUAWEI-acl-user-5000] rule 5 permit l4-head 0x00000868 0x0000ffff 0 //Match a two-byte character string in the Layer 4 packet header. The matched character string is 0x00000868 and 0 indicates the offset.
[HUAWEI-acl-user-5000] rule 10 permit l4-head 0x00060000 0x00ff0000 24 //Match a one-byte character string in the Layer 4 packet header. The matched character string is 0x00000868 and 24 indicates the offset.
[HUAWEI] traffic classifier c1 operator or //Create a traffic classifier, and set the relationship between rules to OR (A packet belongs to the class if it matches one or more of the rules.)
[HUAWEI-classifier-c1] if-match acl 5000 //Create an ACL-based matching rule.
[HUAWEI] traffic behavior b5000 //Create a traffic behavior.
[HUAWEI-behavior-b1] redirect interface gigabitethernet0/0/24 //Redirect packets to GE0/0/24.
[HUAWEI] traffic policy p5000 //Create a traffic policy.
[HUAWEI-trafficpolicy-p5000] classifier c1 behavior b1 //Bind the traffic classifier to the traffic behavior.
Info: This operation maybe take a long time, please wait for a moment.
Error:Add rule failed, slot 0, policy p5000, class c1, behavior b1 acl 5000, rule 10, on interface GigabitEthernet0/0/21.
Check the offsets in the ACL rules applied to the traffic policy. Ensure that the same offset is used.
[HUAWEI] display acl 5000
The traffic policy failed to be created because the user-defined ACL rules contain different offsets.
If user-defined ACL rules are applied to a traffic policy, the offsets in the rules must be the same.