HPE FlexNetwork HSR6800 series Command Reference Manual page 27

Comware 7 acl and qos

Table 8 TCP/UDP-specific parameters for IPv4 advanced ACL rules

Parameters: source-port { object-group port-group-name | operator port1 [ port2 ] }
Function: Specifies one or more UDP or TCP source ports.

Parameters: destination-port { object-group port-group-name | operator port1 [ port2 ] }
Function: Specifies one or more UDP or TCP destination ports.

Description (source-port and destination-port):
The port-group-name argument specifies an object group of ports.
The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. The port2 argument is needed only when the operator argument is range.
TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80).
UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177).

Parameters: { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } *
Function: Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG.
Description:
Parameters specific to TCP.
The value for each argument can be 0 (flag bit not set) or 1 (flag bit set).
The TCP flags in a rule are ORed. For example, a rule configured with ack 0 psh 1 matches both packets that have the ACK flag bit not set and packets that have the PSH flag bit set.

Parameters: established
Function: Specifies the flags for indicating the established status of a TCP connection.
Description:
Parameter specific to TCP.
The rule matches TCP connection packets with the ACK or RST flag bit set.

If the protocol argument is icmp (1), set the parameters shown in Table 9.

Table 9 ICMP-specific parameters for IPv4 advanced ACL rules

Parameters: icmp-type { icmp-type icmp-code | icmp-message }
Function: Specifies the ICMP message type and code.
Description:
The icmp-type argument is in the range of 0 to 255.
The icmp-code argument is in the range of 0 to 255.
The icmp-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 10.

Table 10 ICMP message names supported in IPv4 advanced ACL rules

ICMP message name     ICMP message type   ICMP message code
echo                  8                   0
echo-reply            0                   0
fragmentneed-DFset    3                   4
host-redirect         5                   1
host-tos-redirect     5                   3
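
The port-operator, ORed TCP flag, and established semantics described in Table 8 can be checked against sample packets before a rule is deployed. The following Python model is an added example, not HPE code or device configuration; the function names and the sample packets are constructed for illustration.

```python
# Added example: models the Table 8 matching semantics; not device or HPE code.

# Port operators from Table 8; "range" is inclusive and needs port2.
PORT_OPS = {
    "lt": lambda p, a, b: p < a,
    "gt": lambda p, a, b: p > a,
    "eq": lambda p, a, b: p == a,
    "neq": lambda p, a, b: p != a,
    "range": lambda p, a, b: a <= p <= b,
}

def port_matches(port, op, port1, port2=None):
    """True if a packet port satisfies 'operator port1 [ port2 ]'."""
    for value in (port1, port2):
        if value is not None and not 0 <= value <= 65535:
            raise ValueError("port numbers are in the range 0 to 65535")
    if op == "range" and port2 is None:
        raise ValueError("port2 is required when the operator is range")
    return PORT_OPS[op](port, port1, port2)

def flags_match(rule_flags, packet_flags):
    """rule_flags maps a flag name to 0 or 1; packet_flags is the set of flag
    names set in the packet. Criteria are ORed: one hit is enough."""
    return any((name in packet_flags) == bool(want)
               for name, want in rule_flags.items())

def established_matches(packet_flags):
    """The 'established' keyword: ACK or RST flag bit set."""
    return "ack" in packet_flags or "rst" in packet_flags

# Constructed sample packets (name -> TCP flags set), not captured traffic.
PACKETS = {
    "syn": {"syn"},
    "syn-ack": {"syn", "ack"},
    "ack": {"ack"},
    "psh-ack": {"psh", "ack"},
    "rst": {"rst"},
}

def matching(predicate):
    """Names of the sample packets for which predicate(flags) is true."""
    return sorted(name for name, flags in PACKETS.items() if predicate(flags))

if __name__ == "__main__":
    print("ack 0 psh 1 :", matching(lambda f: flags_match({"ack": 0, "psh": 1}, f)))
    print("established :", matching(established_matches))
    print("range 20 21 :", [p for p in (19, 20, 21, 22) if port_matches(p, "range", 20, 21)])
```

With ack 0 psh 1, the sample SYN and RST packets match as well as PSH+ACK, because either criterion alone is sufficient.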
