3Com 3C13636 Configuration Manual page 1077

Router 3000 ethernet family
3Com Router 3000 Ethernet Family
Configuration Guide
destination-port: Optional parameter, used to specify the destination port of a
UDP or TCP packet. It is only valid when the protocol number specified by the rule
is TCP or UDP. If it is not specified, any destination port of a TCP/UDP packet
matches.
operator: Optional parameter. The comparison operator applied to the
source/destination port number. The names and meanings are as follows: lt (lower
than), gt (greater than), eq (equal to), neq (not equal to) and range (between).
Only "range" needs two port numbers as operands; the others need only one port
number.
port1, port2: Optional parameter, port number of TCP or UDP, represented by
name or number, with the number ranging from 0 to 65535.
dscp dscp: Specifies a DSCP field (the DS byte in IP packets).
precedence: Optional parameter, by which data packets can be filtered. A
number ranging from 0 to 7 or a name.
tos tos: Type of service value, an optional parameter by which data packets can
be filtered. This number uses the second bit to the fifth bit in the ToS field,
counted from right to left. As shown in the following figure, the tos argument in
an ACL ranges from 0 to 15, which corresponds to a real range of 0 to 30.
Figure 5-1 ToS defined in an ACL
When testing a ToS setting in an ACL (1, for example) with the ping -tos command,
you must set the -tos argument to 2, that is, twice the ToS setting in the ACL.
logging: Optional parameter, indicating whether to log qualified data packets. The
log contents include the sequence number of the ACL, whether the data packet was
passed or discarded, the upper layer protocol type over IP, the source/destination
address, the source/destination port number, and the number of data packets.
time-range time-name: The ACL rule is valid in the time range.
fragment: Used to specify whether the rule is only valid for non-first fragments.
When this parameter is included, the rule is only valid for non-first fragments.
vpn-instance: Optional, specifies a vpn-instance. If it is not specified, the ACL
rule is invalid for packets in all vpn-instances. If it is specified, the ACL rule is valid
only for the specified vpn-instance.
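The port operators and the ToS bit layout described above, worked through as an added example that is not part of the 3Com manual. All function and field names are hypothetical, and treating "range" as inclusive of both port numbers is an assumption.

```python
# Added example, not from the 3Com manual; names are hypothetical.
OPERATORS = {
    "lt": lambda port, ref: port < ref,    # lower than
    "gt": lambda port, ref: port > ref,    # greater than
    "eq": lambda port, ref: port == ref,   # equal to
    "neq": lambda port, ref: port != ref,  # not equal to
}

def port_matches(operator, packet_port, port1, port2=None):
    """Apply an ACL port operator to a packet's TCP/UDP port."""
    given = (packet_port, port1) + (() if port2 is None else (port2,))
    for value in given:
        if not 0 <= value <= 65535:
            raise ValueError(f"port out of range: {value}")
    if operator == "range":
        if port2 is None:
            raise ValueError("range needs two port numbers")
        low, high = sorted((port1, port2))
        return low <= packet_port <= high  # assumption: bounds are inclusive
    if port2 is not None:
        raise ValueError(f"{operator} takes one port number")
    return OPERATORS[operator](packet_port, port1)

def acl_fields(tos_byte):
    """Split the IP ToS/DS byte into the values the ACL keywords compare."""
    return {
        "precedence": tos_byte >> 5,    # top three bits, 0 to 7
        "tos": (tos_byte >> 1) & 0x0F,  # second to fifth bit from the right, 0 to 15
        "dscp": tos_byte >> 2,          # top six bits of the DS byte
    }

def ping_tos_for(acl_tos):
    """Value to pass to ping -tos so the packet matches 'tos acl_tos'."""
    if not 0 <= acl_tos <= 15:
        raise ValueError("ACL tos ranges from 0 to 15")
    return acl_tos << 1                 # twice the ACL setting, 0 to 30

def rule_matches(rule, packet):
    """Check a packet against a rule's optional destination-port and tos."""
    if "destination_port" in rule:      # omitted: any destination port matches
        operator, *ports = rule["destination_port"]
        if not port_matches(operator, packet["dst_port"], *ports):
            return False
    if "tos" in rule and acl_fields(packet["tos_byte"])["tos"] != rule["tos"]:
        return False
    return True
```
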
3Com Corporation
5-6
Chapter 5 ACL Configuration

This manual is also suitable for:

3c13636-us - router 30363000 series