H3C S6550X-HI Series Command Reference Manual page 2133

(34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46).

Parameters: fragment
Function: Applies the rule only to non-first fragments.
Description: If you do not specify this keyword, the rule applies to all fragments and non-fragments.

Parameters: time-range time-range-name
Function: Specifies a time range for the rule.
Description: The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.

Parameters: vpn-instance vpn-instance-name
Function: Applies the rule to an MPLS L3VPN instance.
Description: The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, whether the rule applies to VPN packets varies by feature. See the description for the feature that uses ACLs.

If the protocol argument is tcp (6) or udp (17), set the parameters shown in Table 3.

Table 3 TCP/UDP-specific parameters for IPv4 advanced ACL rules

Parameters: source-port operator port1 [ port2 ]
Function: Specifies one or more UDP or TCP source ports.

Parameters: destination-port operator port1 [ port2 ]
Function: Specifies one or more UDP or TCP destination ports.

Description (source-port and destination-port):
The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. The port2 argument is needed only when the operator argument is range.
TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80).
UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177).

Parameters: { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } *
Function: Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG.
Description: Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ANDed. For example, a rule configured with ack 0 psh 1 matches the packets that have the ACK flag bit not set and the PSH flag bit set.

Parameters: established
Function: Specifies the flags for indicating the
Description: Parameter specific to TCP. The rule matches TCP connection packets with the ACK or
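The port operators and ANDed TCP flags from Table 3, modeled as an added Python example for checking offline which packets a set of match criteria would select. It is not H3C code: the function names, the packet dictionary layout, and the choice to ignore flags the rule does not name are assumptions of this example, and only a subset of the page's TCP port names is included.

```python
# Added example (not H3C code); port names are a subset of the page's TCP list.
TCP_PORT_NAMES = {"bgp": 179, "dns": 53, "ftp": 21, "smtp": 25, "telnet": 23, "www": 80}
FLAGS = ("ack", "fin", "psh", "rst", "syn", "urg")
OPS = {
    "lt": lambda p, a, b: p < a,           # lower than (strict)
    "gt": lambda p, a, b: p > a,           # greater than (strict)
    "eq": lambda p, a, b: p == a,
    "neq": lambda p, a, b: p != a,
    "range": lambda p, a, b: a <= p <= b,  # inclusive range
}

def _port(tok):  # port name or number, limited to 0..65535
    port = TCP_PORT_NAMES[tok] if tok in TCP_PORT_NAMES else int(tok)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {tok}")
    return port

def parse_criteria(text):
    """Parse 'source-port|destination-port operator port1 [port2]' and 'flag value' pairs."""
    toks, crit, i = text.split(), {"flags": {}}, 0
    while i < len(toks):
        key, args = toks[i], toks[i + 1:]
        if key in ("source-port", "destination-port"):
            if not args or args[0] not in OPS:
                raise ValueError(f"bad operator after {key}")
            n = 2 if args[0] == "range" else 1  # port2 is needed only with range
            ports = [_port(t) for t in args[1:1 + n]]
            if len(ports) != n:
                raise ValueError(f"{key} {args[0]} needs {n} port argument(s)")
            crit[key] = (args[0], ports[0], ports[-1])
            i += 2 + n
        elif key in FLAGS:
            if not args or args[0] not in ("0", "1"):
                raise ValueError(f"{key} value must be 0 or 1")
            crit["flags"][key] = args[0] == "1"
            i += 2
        else:
            raise ValueError(f"unsupported token: {key}")
    return crit

def matches(crit, packet):
    """packet: {'sport': int, 'dport': int, 'flags': set of flag names that are set}."""
    for key, field in (("source-port", "sport"), ("destination-port", "dport")):
        if key in crit:
            op, a, b = crit[key]
            if not OPS[op](packet[field], a, b):
                return False
    # ANDed: every flag the rule names must have the stated value; others are ignored (assumption).
    return all((f in packet["flags"]) == want for f, want in crit["flags"].items())
```

For example, `matches(parse_criteria("destination-port eq www ack 0 psh 1"), pkt)` is true only when `pkt` targets port 80 with PSH set and ACK clear.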
