Download Print this page

HP A8800 Series Command Reference Manual page 29

Acl and qos

Hide thumbs Also See for A8800 Series:

Configuration manual (487 pages)

,

Installation manual (121 pages)

,

Fundamentals command reference (193 pages)

Table Of Contents

page of 153

/ 153
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Parameters

dscp dscp

logging

reflective

vpn-instance

vpn-instance-name

fragment

time-range time-range-name

NOTE:

If you provide the precedence or tos keyword in addition to the dscp keyword, only the dscp keyword

takes effect.

Function

Specifies a DSCP priority

Logs matching packets

Specifies that the rule be

reflective

Applies the rule to packets in

a VPN instance

Applies the rule to only

fragments

Specifies a time range for the

rule

23

Description

The dscp argument can be a number in the

range of 0 to 63, or in words, af11 (10), af12

(12), af13 (14), af21 (18), af22 (20), af23

(22), af31 (26), af32 (28), af33 (30), af41

(34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3

(24), cs4 (32), cs5 (40), cs6 (48), cs7 (56),

default (0), or ef (46).

This function requires that the module using the

ACL supports logging.

If an ACL has been applied to both the packet

filtering firewall and policy-based routing

modules, do not add or modify a rule that has

the logging keyword in the ACL. Doing so can

cause rule application failure on both modules.

For more information about packet filtering

firewall, see Security Configuration Guide. For

more information about policy-based routing,

see Layer 3—IP Routing Configuration Guide.

Use the logging keyword together with the rule

match counting function. To enable this

function, you can either execute the

hardware-count enable command in the ACL or

specify the counting keyword in the ACL rule

with logging specified.

A rule with the reflective keyword can be

defined only for TCP, UDP, or ICMP packets

and can only be a permit statement.

The vpn-instance-name argument takes a

case-sensitive string of 1 to 31 characters.

If no VPN instance is specified, the rule applies

only to non-VPN packets.

Without this keyword, the rule applies to all

fragments and non-fragments.

When the ACL rule length limit is 80 bytes on an

SPC card, the ACL rule does not take effect on

the first fragment of fragments for each

incoming packet. For more information about

the ACL rule length limit mode, see

The time-range-name argument takes a

case-insensitive string of 1 to 32 characters. It

must start with an English letter. If the time range

is not configured, the system creates the rule.

However, the rule using the time range can take

effect only after you configure the timer range.

"acl

mode."

Table of Contents

Advertisement

Table of Contents

Related Products for HP A8800 Series