HP HSR6800 Command Reference Manual page 30

Acl and qos

Hide thumbs Also See for HSR6800:

Configuration manual (478 pages)

Installation manual (146 pages)

Troubleshooting manual (41 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

page of 170

/ 170
Contents
Table of Contents
Bookmarks

Table of Contents

Parameters

Function

Specifies a DSCP

dscp dscp

preference.

flow-label

Specifies a flow label value

flow-label-value

in an IPv6 packet header.

logging

Logs matching packets.

routing [ type

Specifies the type of routing

routing-type ]

header.

Applies the rule to only

fragment

non-first fragments.

time-range

Specifies a time range for

time-range-name

the rule.

vpn-instance

Applies the rule to packets

vpn-instance-name

in a VPN instance.

If the protocol argument takes tcp (6) or udp (17), set the parameters shown in

Table 11 TCP/UDP-specific parameters for IPv6 advanced ACL rules

Parameters

Function

source-port

Specifies one or more

operator port1

UDP or TCP source

[ port2 ]

ports.

destination-port

Specifies one or more

operator port1

UDP or TCP

[ port2 ]

destination ports.

Description

The dscp argument can be a number in the range of 0 to

63, or in words, af11 (10), af12 (12), af13 (14), af21

(18), af22 (20), af23 (22), af31 (26), af32 (28), af33

(30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3

(24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or

ef (46).

The flow-label-value argument is in the range of 0 to

1048575.

This function requires that the module (for example, a

firewall) that uses the ACL supports logging.

The routing-type argument takes a value in the range of 0

to 255.

If no routing type header is specified, the rule applies to the

IPv6 packets with any type of routing header.

Without this keyword, the rule applies to all fragments and

non-fragments.

The time-range-name argument takes a case-insensitive

string of 1 to 32 characters. It must start with an English

letter. If the time range is not configured, the system creates

the rule. However, the rule using the time range can take

effect only after you configure the timer range.

The vpn-instance-name argument takes a case-sensitive

string of 1 to 31 characters.

If no VPN instance is specified, the rule applies to non-VPN

packets.

Description

The operator argument can be lt (lower than), gt (greater than), eq

(equal to), neq (not equal to), or range (inclusive range).

The port1 and port2 arguments are TCP or UDP port numbers in the

range of 0 to 65535. port2 is needed only when the operator

argument is range.

TCP port numbers can be represented as: chargen (19), bgp (179),

cmd (514), daytime (13), discard (9), dns (53), echo (7), exec

(512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname

(101), irc (194), klogin (543), kshell (544), login (513), lpd (515),

nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111),

tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois

(43), and www (80).

UDP port numbers can be represented as: biff (512), bootpc (68),

bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag

(434), mobilip-mn (435), nameserver (42), netbios-dgm (138),

netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp

(161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65),

talk (517), tftp (69), time (37), who (513), and xdmcp (177).

Table 1

Table of Contents

HP HSR6800 Command Reference Manual page 30

Related Manuals for HP HSR6800

Related Products for HP HSR6800

Table of Contents