Table 1-11 TCP/UDP-specific ACL rule information

| Parameters | Type | Function | Description |
|---|---|---|---|
| source-port operator port1 [ port2 ] | Source port | Defines the source port information of UDP/TCP packets | See the operator and port notes following this table. |
| destination-port operator port1 [ port2 ] | Destination port | Defines the destination port information of UDP/TCP packets | See the operator and port notes following this table. |
| established | TCP connection flag | Specifies that the rule is applicable only to the first SYN segment for establishing a TCP connection | TCP-specific argument |

Description for source-port and destination-port:

The value of operator can be lt (less than), gt (greater than), eq (equal to), neq (not equal to) or range (within the range of). Only the range operator requires two port numbers as the operands. The other operators require only one port number as the operand.

port1 and port2: TCP/UDP port number(s), expressed as port names or port numbers. When expressed as numerals, the value range is 0 to 65535.

With the range operator, the value of port2 does not need to be greater than that of port1 because the switch can automatically judge the value range. If the value of port1 is the same as that of port2, the switch will convert the operator range to eq.

Note that if you specify a combination of lt 1 or gt 65534, the switch will convert it to eq 0 or eq 65535.
If a TCP or UDP port number is represented by name, you can also define the information listed in Table 1-12.
Table 1-12 TCP or UDP port values

| Type | Value |
|---|---|
| TCP | CHARgen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), www (80) |
| UDP | biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), xdmcp (177) |
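The operator rules given for Table 1-11, together with a few port names from Table 1-12, can be modelled offline to check what a port clause will actually cover before it is applied. This is an added example, not code from the manual or the switch; the function names are hypothetical, TCP_NAMES is a subset of the table, and an inclusive range is assumed.

```python
# Added example: models the documented operator rewrites for ACL port clauses.
# Names (normalize, matches, effective_ports) are hypothetical helpers.

# Subset of the TCP names in Table 1-12; extend as needed.
TCP_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80}

def _port(value, names=TCP_NAMES):
    """Resolve a port name or numeral to an int in 0..65535."""
    port = names[value] if value in names else int(value)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {value}")
    return port

def normalize(operator, port1, port2=None):
    """Return the clause as the documented rules would rewrite it."""
    if operator not in ("lt", "gt", "eq", "neq", "range"):
        raise ValueError(f"unknown operator: {operator}")
    p1 = _port(port1)
    if operator == "range":
        if port2 is None:
            raise ValueError("range requires two port numbers")
        lo, hi = sorted((p1, _port(port2)))  # port2 may be smaller than port1
        return ("eq", lo) if lo == hi else ("range", lo, hi)
    if port2 is not None:
        raise ValueError(f"{operator} takes one port number")
    if (operator, p1) == ("lt", 1):       # only port 0 is below 1
        return ("eq", 0)
    if (operator, p1) == ("gt", 65534):   # only port 65535 is above 65534
        return ("eq", 65535)
    return (operator, p1)

def matches(rule, port):
    """True if a packet port satisfies a normalized clause (range assumed inclusive)."""
    op, *args = rule
    if op == "range":
        return args[0] <= port <= args[1]
    return {"lt": port < args[0], "gt": port > args[0],
            "eq": port == args[0], "neq": port != args[0]}[op]

def effective_ports(operator, port1, port2=None):
    """Number of ports a clause covers; 0 or a very large count deserves review."""
    rule = normalize(operator, port1, port2)
    return sum(matches(rule, p) for p in range(65536))
```

A clause that covers zero ports never matches, and a neq or gt clause on a low port covers almost the whole port space, so both are worth flagging when auditing a rule set.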
If the protocol type is ICMP, you can also define the information listed in Table 1-13.