Quality of Service (QoS) Commands
261
ProSAFE M7100 Managed Switches
range
portkey or startport
and
portkey or endport
or
eq, neq, lt, or gt
and
portkey or 0-65535
Note: This option is available only if the protocolkey is either tcp or
udp.
Specifies the layer 4 port match condition for the IP ACL rule if the
layer 4 por
t number f
alls within the specified port range. Enter a start
port number (startport) or portkey and enter an end port number
(endport) or portkey:
• portkey. The available portkeys depend on the protocol:
- T
CP. Enter bgp, domain, echo, ftp, ftp-data, http, smtp, telnet,
www, pop2, or pop3.
- UDP
. Enter domain, echo, ntp, rip, snmp, tftp, time, or who.
Each of these keywords translates into its equivalent port number.
• s
tartport. A port number from 0 to 65535.
• endport. A port number from 0 to 65535. The end port must have
a value equal or greater than the start port.
Alternately, you can specify a single keyword and a portkey or port
number
. With this me
thod, two rules are added: one rule with a range
from 0 to the specified port number (or portkey) minus 1 and one rule
with a range from the specified port number plus 1 to 65535.
• eg. The IP ACL rule mat
ches only if the layer 4 port number is equal
to the specified port number or portkey.
• lt
. The IP ACL rule matches if the layer 4 port number is lower than
the specified por
t number or portkey.
• gt
. The IP ACL rule matches if the layer 4 port number is higher than
the specified por
t number or portkey.
• neq. The IP A
CL rule mat
ches only if the layer 4 port number is not
equal to the specified port number or portkey.
• por
tkey. The available portkeys depend on the protocol:
- T
CP. Enter bgp, domain, echo, ftp, ftp-data, http, smtp, telnet,
www, pop2, or pop3.
- UDP
. Enter domain, echo, ntp, rip, snmp, tftp, time, or who.
• 0-65535. A por
t number fr
om 0 to 65535.
dstip dstmask, any, or host dstip Specifies a destination IP address and source netmask for the match
condition of the IP A
CL rule.
• ds
tip and dstmask. Enter the destination IP address (dstip) and
des
tination netmask (dstmask).
• any
. The destination IP address is 0.0.0.0 and the destination
ne
twork mask is 255.255.255.255.
• hos
t and dstip. Specify that you use a hostname (host) and enter
the name (ds
tip). The destination network mask is 0.0.0.0.
flag
+fin or -fin
+syn or -syn
+rst or -rst
+psh or -psh
+ack or -ack
+urg or -urg
established
Note: This option is available only if the protocolkey is tcp.
Specifies that the IP ACL rule must match one or more flags.
If the flag name is preceded by a plus (for example, +fin), a match
oc
curs if the specified flag is se
t in the TCP header.
If the flag name is preceded by a minus (for example, -fin), a match
oc
curs if the specified flag is no
t set in the TCP header.
Enter the optional established keyword to specify that a match must
occur if either the RST or ACK bits are set in the TCP header.
Parameter Description
To Next Page
Loading...
