21
Parameters Function Description
time-range-name
the rule. case-insensitive string of 1 to 32 characters. It must
start with an English letter. If the time range is not
configured, the system creates the rule. However,
the rule using the time range can take effect only
after you configure the time range.
For more information about time range, see ACL and
QoS Configuration Guide.
vpn-instance
vpn-instance-name
Applies the rule to an MPLS
L3VPN instance.
The vpn-instance-name argument is a
case-sensitive string of 1 to 31 characters.
If you do not specify a VPN instance, the rule applies
to both non-VPN packets and VPN packets.
If the protocol argument is tcp (6) or udp (7), set the parameters shown in Table 8.
Table 8 TCP/UDP-specific parameters for IPv4 advanced ACL rules
Parameters Function Description
source-port
operator port1
[ port2 ]
Specifies one or
more UDP or TCP
source ports.
The operator argument can be
lt
(lower than),
gt
(greater than),
eq
(equal to),
neq
(not equal to), or
range
(inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in
the range of 0 to 65535. The port2 argument is needed only when
the operator argument is
range
.
TCP port numbers can be represented as:
chargen
(19),
bgp
(179),
cmd
(514),
daytime
(13),
discard
(9),
dns
(53),
domain
(53),
echo
(7),
exec
(512),
finger
(79),
ftp
(21),
ftp-data
(20),
gopher
(70),
hostname
(101),
irc
(194),
klogin
(543),
kshell
(544),
login
(513),
lpd
(515),
nntp
(119),
pop2
(109),
pop3
(110),
smtp
(25),
sunrpc
(111),
tacacs
(49),
talk
(517),
telnet
(23),
time
(37),
uucp
(540),
whois
(43), and
www
(80).
UDP p
ort numbers can be represented as:
biff
(512),
bootpc
(68),
bootps
(67),
discard
(9),
dns
(53),
dnsix
(90),
echo
(7),
mobilip-ag
(434),
mobilip-mn
(435),
nameserver
(42),
netbios-dgm
(138),
netbios-ns
(137),
netbios-ssn
(139),
ntp
(123),
rip
(520),
snmp
(161),
snmptrap
(162),
sunrpc
(111),
syslog
(514),
tacacs-ds
(65),
talk
(517),
tftp
(69),
time
(37),
who
(513), and
xdmcp
(177).
destination-port
operator port1
[ port2 ]
Specifies one or
more UDP or TCP
destination ports.
{
ack
ack-value |
fin
fin-value |
psh
psh-value |
rst
rst-value |
syn
syn-value |
urg
urg-value } *
Specifies one or
more TCP flags
including ACK,
FIN, PSH, RST,
SYN, and URG.
Parameters specific to TCP.
The value for each argument can be 0 (flag bit not set) or 1 (flag bit
set).
The TCP flags in a rule are ANDed. For example, a rule configured
with
ack
0
psh
1 matches packets that have the ACK flag bit not
set and the PSH flag bit set.
established
Specifies the flags
for indicating the
established status
of a TCP
connection.
Parameter specific to TCP.
The rule matches TCP packets with the ACK or RST flag bit set.
If the protocol argument is icmp (1), set the parameters shown in Table 9.
Table 9 ICMP-specific parameters for IPv4 advanced ACL rules
Parameters Function Description
icmp-type
{ icmp-type
icmp-code |
Specifies the ICMP
message type and
code.
The icmp-type argument is in the range of 0 to 255.
The icmp-code argument is in the range of 0 to 255.
To Next Page
Loading...
