Table of Contents
Advertisement
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches
source-addr wildcard | any: source-addr wildcard is the source IP address and source
address wildcard, expressed in dotted decimal notation. any represents any source
address.
fragment: Indicates that the rule takes effect on fragmented packets only and will be
ignored for other packets.
The parameter of advanced ACL
protocol: This parameter is to define protocol type, which can be indicated by name, or
digit. This parameter can be icmp, igmp, tcp, udp, ip, gre, ospf or ipinip. If this
parameter takes ip, it means all the IP protocols. This parameter can be 1 ~ 255 if
indicated by digit.
source-addr wildcard | any: source-addr wildcard is the source IP address and source
address wildcard, expressed in dotted decimal notation. any represents any source
address.
dest-addr wildcard | any: dest-addr wildcard is the destination IP address and
destination address wildcard, expressed in dotted decimal notation. any represents
any destination address.
source-port operator port1 [ port2 ]: This parameter is to define the source TCP or
UDP port number. Here, operator represents port operation character, including eq
(equal to), gt (greater than), lt (less than), neq (not equal to), and range (in certain
range). Note: This parameter is available only when protocol parameter takes TCP or
UDP. port1 [ port2 ]: TCP or UDP port number of packets, expressed with characters or
numbers. The numbers are in the range of 0 to 65535 and refer to mnemonic symbol
table for character values.
destination-port operator port1 [ port2 ]: This parameter is to define the destination
TCP or UDP port number. The meaning of operator port1 [ port2 ] is same as upper
parameter.
Note:
When you activate the rule with predefined TCP/UDP source and destination port
ranges on the S3552 series, the switches can automatically divide this rule into several
rules, ensuring the port ranges meet the requirement of [A*2^n , (A+1)*2^n - 1], where
both A and n are integers. If the rules are more than 64, the rule cannot be activated
and the switches prompt you of the failure.
S3552 series switch does not support icmp-type type code parameters when
configure ACL rules.
established: Used when protocol is tcp to indicate that the rule takes effect on the first
SYN packet to establish TCP connection.
Huawei Technologies Proprietary
1-37
Chapter 1 ACL Commands
- Quick Links:
- Logging in Switch Commands
Hide quick links:
Advertisement
Chapters
Table of Contents
