HP E4510-48G Command Reference Manual page 832

Table 14-4 Match criteria and other rule information for advanced IPv4 ACL rules
Parameters
source { sour-addr
sour-wildcard | any }
destination { dest-addr
dest-wildcard | any }
precedence precedence
tos tos
dscp dscp
logging
reflective
vpn-instance
vpn-instance-name
fragment
time-range
time-range-name
Setting the protocol argument to tcp or udp, you may define the parameters shown in
Function
Specifies a source
address.
Specifies a destination
address.
Specifies an IP
precedence value.
Specifies a ToS
preference.
Specifies a DSCP priority.
Specifies to log matched
packets.
Specifies that the rule be
reflective.
Specifies a VPN instance.
Indicates that the rule
applies to only non-first
fragments.
Specifies the time range
in which the rule takes
effect.
14-13
Description
The sour-addr sour-wildcard argument
combination specifies a source IP address
in dotted decimal notation. A wildcard of
zero indicates a host address. The any
keyword indicates any source IP address.
The dest-addr dest-wildcard argument
combination specifies a destination IP
address in dotted decimal notation. A
wildcard of zero indicates a host address.
The any keyword indicates any destination
IP address.
The precedence argument can be a
number in the range 0 to 7, or in words,
routine (0), priority (1), immediate (2),
flash (3), flash-override (4), critical (5),
internet (6), or network (7).
The tos argument can be a number in the
range 0 to 15, or in words, max-reliability
(2), max-throughput (4), min-delay (8),
min-monetary-cost (1), or normal (0).
The dscp argument can be a number in the
range 0 to 63, or in words, af11 (10), af12
(12), af13 (14), af21 (18), af22 (20), af23
(22), af31 (26), af32 (28), af33 (30), af41
(34), af42 (36), af43 (38), cs1 (8), cs2
(16), cs3 (24), cs4 (32), cs5 (40), cs6
(48), cs7 (56), default (0), or ef (46).
This function requires that the module
using the ACL support logging.
A rule with the reflective keyword can be
defined only for TCP, UDP, or ICMP
packets and can only be a permit
statement.
The vpn-instance-name argument is a
case-sensitive string of 1 to 31 characters.
Without this combination, the rule applies
to only non-VPN packets.
Without this keyword, the rule applies to all
fragments and non-fragments.
The time-range-name argument is a case
insensitive string of 1 to 32 characters. It
must start with an English letter and
cannot be the English word of all to avoid
confusion.
Table 14-5.