HPE FlexNetwork HSR6800 series Command Reference Manual page 33

Comware 7 acl and qos

Parameters: time-range time-range-name
Function: Specifies a time range for the rule.
Description: The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.

Parameters: vpn-instance vpn-instance-name
Function: Applies the rule to an MPLS L3VPN instance.
Description: The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the rule applies to both non-VPN packets and VPN packets.

If the protocol argument is tcp (6) or udp (17), set the parameters shown in Table 12.

Table 12 TCP/UDP-specific parameters for IPv6 advanced ACL rules

Parameters: source-port { object-group port-group-name | operator port1 [ port2 ] }
Function: Specifies one or more UDP or TCP source ports.

Parameters: destination-port { object-group port-group-name | operator port1 [ port2 ] }
Function: Specifies one or more UDP or TCP destination ports.

Description (source-port and destination-port):
The port-group-name argument specifies an object group of ports.
The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. The port2 argument is needed only when the operator argument is range.
TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80).
UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177).

Parameters: { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } *
Function: Specifies one or more TCP flags, including ACK, FIN, PSH, RST, SYN, and URG.
Description: Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ORed. For example, a rule configured with ack 0 psh 1 matches both packets that have the ACK flag bit not set and packets that have the PSH flag bit set.

Parameters: established
Function: Specifies the flags for indicating the established status of a TCP connection.
Description: Parameter specific to TCP. The rule matches TCP connection packets with the ACK or RST flag bit set.

If the protocol argument is icmpv6 (58), set the parameters shown in Table 13.
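
The following Python sketch is an added example, not code from the HPE manual: it models the port operator, ORed TCP flag, and established matching described in Table 12, so that the flag set of a planned rule can be checked against sample packets before it is deployed. All function names are hypothetical, the sample packets are constructed, and lt and gt are treated as strict comparisons, following the wording of the table.

```python
# Added illustration of the Table 12 matching semantics; all names here are
# hypothetical and are not Comware identifiers.
import operator

PORT_OPS = {"lt": operator.lt, "gt": operator.gt,
            "eq": operator.eq, "neq": operator.ne}
TCP_FLAGS = {"ack", "fin", "psh", "rst", "syn", "urg"}

# Constructed sample packets: name -> set of TCP flag bits that are set.
SAMPLES = {
    "syn": {"syn"},
    "syn-ack": {"syn", "ack"},
    "ack": {"ack"},
    "psh-ack": {"psh", "ack"},
    "fin-ack": {"fin", "ack"},
    "rst": {"rst"},
}


def port_matches(port, op, port1, port2=None):
    """Evaluate 'operator port1 [ port2 ]' for one packet port."""
    given = [port, port1] + ([] if port2 is None else [port2])
    if any(not 0 <= p <= 65535 for p in given):
        raise ValueError("ports must be in the range 0 to 65535")
    if op == "range":
        if port2 is None:
            raise ValueError("range requires port2")
        return port1 <= port <= port2  # inclusive; assumes port1 <= port2
    if op not in PORT_OPS or port2 is not None:
        raise ValueError("unknown operator, or port2 given without range")
    return PORT_OPS[op](port, port1)


def flags_match(rule_flags, pkt_flags):
    """rule_flags maps flag name -> 0 or 1; conditions are ORed, not ANDed."""
    for name, want in rule_flags.items():
        if name not in TCP_FLAGS or want not in (0, 1):
            raise ValueError(f"bad flag condition: {name} {want}")
    return any((name in pkt_flags) == bool(want)
               for name, want in rule_flags.items())


def established_matches(pkt_flags):
    """'established' matches any packet with the ACK or RST bit set."""
    return bool({"ack", "rst"} & set(pkt_flags))


def matched(rule_flags, samples=SAMPLES):
    """Names of the sample packets that a flag set matches, in order."""
    return [n for n, f in samples.items() if flags_match(rule_flags, f)]
```

Calling matched({"ack": 0, "psh": 1}) returns syn, psh-ack and rst: because the flag conditions are ORed, ack 0 on its own already matches an initial SYN, so a permit rule written this way is broader than an ANDed reading suggests.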
