Table of Contents
Advertisement
•
A protocol number in the range of 0 to 255.
•
A protocol by its name: gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp
(17). The ip keyword specifies all protocols.
Table 7
describes the parameters that you can specify regardless of the value for the protocol
argument.
Table 7 Match criteria and other rule information for IPv4 advanced ACL rules
Parameters
source
{ source-address
source-wildcard |
any }
destination
{ dest-address
dest-wildcard | any }
counting
precedence
precedence
tos tos
dscp dscp
fragment
logging
time-range
time-range-name
Function
Specifies a source address.
Specifies a destination
address.
Counts the times that the
rule is matched.
Specifies an IP precedence
value.
Specifies a ToS preference.
Specifies a DSCP priority.
Applies the rule only to
non-first fragments.
Logs matching packets.
Specifies a time range for
the rule.
20
Description
The source-address source-wildcard arguments
specify a source IP address and a wildcard mask in
dotted decimal notation. An all-zero wildcard
represents a host address.
The any keyword specifies any source IP address.
The dest-address dest-wildcard arguments specify a
destination IP address and a wildcard mask in dotted
decimal notation. An all-zero wildcard mask
represents a host address.
The any keyword represents any destination IP
address.
The counting keyword enables match counting
specific to rules, and the hardware-count keyword
in the packet-filter command enables match
counting for all rules in an ACL. If the counting
keyword is not specified, matches for the rule are not
counted.
The precedence argument can be a number in the
range of 0 to 7, or in words: routine (0), priority (1),
immediate (2), flash (3), flash-override (4), critical
(5), internet (6), or network (7).
The tos argument can be a number in the range of 0
to 15, or in words: max-reliability (2),
max-throughput (4), min-delay (8),
min-monetary-cost (1), or normal (0).
The dscp argument can be a number in the range of
0 to 63, or in words: af11 (10), af12 (12), af13 (14),
af21 (18), af22 (20), af23 (22), af31 (26), af32 (28),
af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8),
cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7
(56), default (0), or ef (46).
If you do not specify this keyword, the rule applies to
all fragments and non-fragments.
If an ACL is applied for packet filtering, do not specify
this keyword.
This feature requires that the module (for example,
packet filtering) that uses the ACL supports logging.
The time-range-name argument is a
case-insensitive string of 1 to 32 characters. It must
start with an English letter. If the time range is not
configured, the system creates the rule. However,
the rule using the time range can take effect only
after you configure the time range.
For more information about time range, see ACL and
QoS Configuration Guide.
Advertisement
Chapters
Table of Contents
