Chapter 7: Quality of Service Commands 665
Parameter Description

[{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535} ]

This option is available only if the protocol is tcp or udp.

Specifies the layer 4 port match condition for the IP ACL rule. Either a port number, which ranges from 0 to 65535, or a portkey can be used. The portkey can be one of the following keywords:
◆ For tcp protocol: bgp, domain, echo, ftp, ftp-data, http, smtp, telnet, www, pop2, pop3
◆ For udp protocol: domain, echo, ntp, rip, snmp, tftp, time, who
Each of these keywords translates into its equivalent port number.

When range is specified, the IP ACL rule matches only if the layer 4 port number falls within the specified port range. The startport and endport parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal to or greater than the starting port. The starting port, ending port, and all ports in between will be part of the layer 4 port range.

When eq is specified, the IP ACL rule matches only if the layer 4 port number is equal to the specified port number or portkey.

When lt is specified, the IP ACL rule matches if the layer 4 port number is less than the specified port number or portkey. It is equivalent to specifying the range as 0 to <specified port number - 1>.

When gt is specified, the IP ACL rule matches if the layer 4 port number is greater than the specified port number or portkey. It is equivalent to specifying the range as <specified port number + 1> to 65535.

When neq is specified, the IP ACL rule matches only if the layer 4 port number is not equal to the specified port number or portkey. Two rules are added in the hardware, one with range equal to 0 to <specified port number - 1> and one with range equal to <specified port number + 1> to 65535.

Port number matches only apply to unfragmented or first fragments.
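The following Python model is an added example, not code from this manual or the switch software. It expands each operator into the inclusive port ranges described above, which is useful when auditing what a rule actually covers. The portkey numbers are the standard IANA assignments (the manual lists only the keywords), and the function names and the handling of boundary values such as lt 0 are assumptions.

```python
# Added example (not vendor code): models the layer 4 port match semantics above.
# Keyword-to-port numbers are standard IANA assignments; the manual lists only keywords.
PORTKEYS = {
    "tcp": {"bgp": 179, "domain": 53, "echo": 7, "ftp": 21, "ftp-data": 20, "http": 80,
            "smtp": 25, "telnet": 23, "www": 80, "pop2": 109, "pop3": 110},
    "udp": {"domain": 53, "echo": 7, "ntp": 123, "rip": 520, "snmp": 161,
            "tftp": 69, "time": 37, "who": 513},
}
MAX_PORT = 65535

def resolve(proto, port):
    """Turn a portkey or a number into a validated port for the given protocol."""
    if proto not in PORTKEYS:
        raise ValueError("port match is only available for tcp or udp")
    if isinstance(port, str) and not port.isdigit():
        if port not in PORTKEYS[proto]:
            raise ValueError(f"{port!r} is not a {proto} portkey")
        return PORTKEYS[proto][port]
    n = int(port)
    if not 0 <= n <= MAX_PORT:
        raise ValueError("port must be in 0-65535")
    return n

def expand(proto, op, port, endport=None):
    """Return the inclusive (start, end) ranges that one port condition covers."""
    p = resolve(proto, port)
    if op == "range":
        end = resolve(proto, endport)
        if end < p:
            raise ValueError("ending port must be >= starting port")
        ranges = [(p, end)]
    elif op == "eq":
        ranges = [(p, p)]
    elif op == "lt":
        ranges = [(0, p - 1)]
    elif op == "gt":
        ranges = [(p + 1, MAX_PORT)]
    elif op == "neq":
        ranges = [(0, p - 1), (p + 1, MAX_PORT)]  # the two hardware rules
    else:
        raise ValueError(f"unknown operator {op!r}")
    # Assumption: boundary cases (lt 0, gt 65535, neq 0) yield an empty range, dropped here.
    return [(s, e) for s, e in ranges if s <= e]

def port_matches(ranges, l4_port, fragment_offset=0):
    """True/False for unfragmented or first fragments; None for later fragments,
    where the port condition does not apply (what the rule then does is not stated)."""
    if fragment_offset != 0:
        return None
    return any(s <= l4_port <= e for s, e in ranges)
```

Expanding a rule this way makes it easy to see, for instance, that neq http covers every port except 80 and that a port condition is never evaluated for a non-first fragment.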