Huawei Quidway S8500 Series Command Manual page 639

Command Manual – QoS/ACL
Quidway S8500 Series Routing Switches
protocol: Specifies the protocol type which is represented by a name or a number. For
name format, the options include icmp, igmp, tcp, udp, ip, gre, ospf, ipinip etc. The IP
parameter represents all IP protocols. For number format, the value ranges from 1 to
255.
source { source-addr wildcard | any }: source-addr wildcard specifies the source IP
address and wildcard digit of source address represented, in dotted decimal notation.
any represents all source addresses.
destination { dest-addr wildcard | any }: dest-addr wildcard specifies the destination IP
address and wildcard digit of destination address represented, in dotted decimal
notation. any represents all destination addresses.
source-port operator port1 [ port2 ]: Source TCP or UDP port ID of the packet.
operator means port operator, with options including eq (equal to), gt (greater than), lt
(less than), neq (not equal to) and range (in the range of). Note that it appears only
when the protocol parameter is set as TCP or UDP. port1 [ port2 ] stands for source
TCP or UDP port ID of the packet, in characters or digits. Digital value ranges from 0 to
65535. For character options, see the port ID mnemonic symbol list. Only for the range
operator, both port1 and port2 are active. For the rest operators, only port1 is required.
destination-port operator port1 [ port2 ]: Destination TCP or UDP port ID of the packet.
See source-port operator port1 [ port2 ] for detailed description.
icmp-type type code: It is active when the protocol is set as icmp. type code specifies
an ICMP packet. type indicates ICMP packet type, in characters or digits. The digital
value ranges from 0 to 255. code is ICMP code, which is active when ICMP is selected
and ICMP packet type is not expression in characters. It ranges from 0 to 255.
established: (Optional) It is effective only to the first SYN packet established by TCP
and active when protocol is set as tcp.
precedence precedence: (Optional) IP priority level, in a number (ranging from 0 to 7)
or a name.
tos tos: (Optional) Indicating packets are classified by TOS value, in a number (ranging
0 to 15) or a name.
dscp dscp: (Optional) Indicating packets are classified by DSCP value, in a number
(ranging from 0 to 63) or a name.
fragment: It is only effective to fragmented messages and is ignored by
non-fragmented messages.
bt-flag: It indicates that the rule is effective to BT data messages only. If you use this
key word, the protocol in the rule must be tcp. The parameter is applicable to defining
the advanced ACLs.
vpn-instance instance-name: VPN instance name. The specified MPLS VPN packets
will be identified if this parameter is selected.
Parameters specific to Layer 2 ACLs:
Huawei Technologies Proprietary
1-15
Chapter 1 ACL Commands