658 IP Access Control List Commands
{{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}]
This option is available only if the protocol is TCP or UDP.
Specifies the source layer 4 port match condition for the IP ACL rule. You can use the port number, which ranges from 0-65535, or you can specify the portkey, which can be one of the following keywords:
◆ For TCP: bgp, domain, echo, ftp, ftp-data, http, smtp, telnet, www, pop2, pop3.
◆ For UDP: domain, echo, ntp, rip, snmp, tftp, time, and who.
For both TCP and UDP, each of these keywords translates into its equivalent port number, which is used as both the start and end of a port range.
If range is specified, the IP ACL rule matches only if the layer 4 port number falls within the specified port range. The startport and endport parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal to or greater than the starting port. The starting port, ending port, and all ports in between will be part of the layer 4 port range.
When eq is specified, the IP ACL rule matches only if the layer 4 port number is equal to the specified port number or portkey.
When lt is specified, the IP ACL rule matches if the layer 4 port number is less than the specified port number or portkey. It is equivalent to specifying the range as 0 to <specified port number – 1>.
When gt is specified, the IP ACL rule matches if the layer 4 port number is greater than the specified port number or portkey. It is equivalent to specifying the range as <specified port number + 1> to 65535.
When neq is specified, the IP ACL rule matches only if the layer 4 port number is not equal to the specified port number or portkey.
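The operator semantics described above can be checked offline before a rule is committed. The following Python sketch is an added example, not code from the switch or its vendor; it assumes each portkey maps to its standard well-known port number and that neq covers the two ranges on either side of the port, and the names resolve, expand and matches are hypothetical.

```python
# Added example: models the port-match semantics on this page; not switch firmware.
MAX_PORT = 65535

# Assumption: each portkey maps to its standard well-known port number.
PORTKEYS = {
    "tcp": {"bgp": 179, "domain": 53, "echo": 7, "ftp": 21, "ftp-data": 20,
            "http": 80, "smtp": 25, "telnet": 23, "www": 80, "pop2": 109, "pop3": 110},
    "udp": {"domain": 53, "echo": 7, "ntp": 123, "rip": 520, "snmp": 161,
            "tftp": 69, "time": 37, "who": 513},
}

def resolve(proto, value):
    """Turn a port number or portkey into an integer port (proto is 'tcp' or 'udp')."""
    if isinstance(value, str) and not value.isdigit():
        try:
            return PORTKEYS[proto][value]
        except KeyError:
            raise ValueError(f"{value!r} is not a {proto.upper()} portkey") from None
    port = int(value)
    if not 0 <= port <= MAX_PORT:
        raise ValueError(f"port {port} outside 0-{MAX_PORT}")
    return port

def expand(proto, op, *args):
    """Return the inclusive (start, end) port ranges that a match condition covers."""
    ports = [resolve(proto, a) for a in args]
    if op == "range":
        start, end = ports
        if end < start:
            raise ValueError("ending port must be equal to or greater than starting port")
        return [(start, end)]
    (p,) = ports
    if op == "eq":
        return [(p, p)]
    below = [(0, p - 1)] if p > 0 else []                # nothing lies below port 0
    above = [(p + 1, MAX_PORT)] if p < MAX_PORT else []  # nothing lies above 65535
    if op == "lt":
        return below
    if op == "gt":
        return above
    if op == "neq":
        return below + above  # assumed: the ranges on either side of p
    raise ValueError(f"unknown operator {op!r}")

def matches(proto, op, args, port):
    """True if a packet's layer 4 port satisfies the condition."""
    return any(lo <= port <= hi for lo, hi in expand(proto, op, *args))
```

Because lt and gt exclude the named port, a rule meant to cover every port from 1024 upward has to be written as gt 1023; gt 1024 leaves port 1024 unmatched.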
Two rules are added in the hardware, one with range equal to 0 to <specified port number – 1> and one with range equal to <specified port
Parameter Description