HP 3500yl Series Access Security Manual page 485

< any | host < DA > | DA/mask-length | DA/ < mask >>
This is the second instance of IPv4 addressing in an extended
ACE. It follows the first (SA) instance, described earlier, and
defines the destination address (DA) that a packet must carry
in order to have a match with the ACE.
• any — Allows routed IPv4 packets to any DA.
• host < DA > — Specifies only packets having DA as the
destination address. Use this criterion when you want to
match only the IPv4 packets for a single DA.
• DA/mask-length or DA< mask > — Specifies packets intended
for a destination address, where the address is either a
subnet or a group of addresses. The mask format can be in
either dotted-decimal format or CIDR format (number of
significant bits). Refer to "Using CIDR Notation To Enter
the IPv4 ACL Mask" on page 10-49.
DA Mask Application: The mask is applied to the DA in
the ACL to define which bits in a packet's DA must exactly
match the DA configured in the ACL and which bits need
not match. See also the above example and note.
[ precedence < 0 - 7 | precedence-name >]
This option can be used after the DA to cause the ACE to match
packets with the specified IP precedence value. Values can be
entered as the following IP precedence numbers or alphanu-
meric names:
0 or routine
1 priority
"
2 " immediate
3 " flash
4 " flash-override
5 " critical
6 " internet (for internetwork control)
7 " network (for network control)
Note: The precedence criteria described in this section are
applied in addition to any other selection criteria configured
in the same ACE.
IPv4 Access Control Lists (ACLs)
Configuring Extended ACLs
10-65