Table of Contents
Advertisement
ProSAFE M7100 Managed Switches
Parameter
range
portkey or startport
and
portkey or endport
or
eq, neq, lt, or gt
and
portkey or 0-65535
dstip dstmask, any, or host dstip
flag
+fin or -fin
+syn or -syn
+rst or -rst
+psh or -psh
+ack or -ack
+urg or -urg
established
Description
Note:
This option is available only if the protocolkey is either tcp or
udp.
Specifies the layer 4 port match condition for the IP ACL rule if the
layer 4 port number falls within the specified port range. Enter a start
port number (startport) or portkey and enter an end port number
(endport) or portkey:
• portkey. The available portkeys depend on the protocol:
- TCP. Enter bgp, domain, echo, ftp, ftp-data, http, smtp, telnet,
www, pop2, or pop3.
- UDP. Enter domain, echo, ntp, rip, snmp, tftp, time, or who.
Each of these keywords translates into its equivalent port number.
• startport. A port number from 0 to 65535.
• endport. A port number from 0 to 65535. The end port must have
a value equal or greater than the start port.
Alternately, you can specify a single keyword and a portkey or port
number. With this method, two rules are added: one rule with a range
from 0 to the specified port number (or portkey) minus 1 and one rule
with a range from the specified port number plus 1 to 65535.
• eg. The IP ACL rule matches only if the layer 4 port number is equal
to the specified port number or portkey.
• lt. The IP ACL rule matches if the layer 4 port number is lower than
the specified port number or portkey.
• gt. The IP ACL rule matches if the layer 4 port number is higher than
the specified port number or portkey.
• neq. The IP ACL rule matches only if the layer 4 port number is not
equal to the specified port number or portkey.
• portkey. The available portkeys depend on the protocol:
- TCP. Enter bgp, domain, echo, ftp, ftp-data, http, smtp, telnet,
www, pop2, or pop3.
- UDP. Enter domain, echo, ntp, rip, snmp, tftp, time, or who.
• 0-65535. A port number from 0 to 65535.
Specifies a destination IP address and source netmask for the match
condition of the IP ACL rule.
• dstip and dstmask. Enter the destination IP address (dstip) and
destination netmask (dstmask).
• any. The destination IP address is 0.0.0.0 and the destination
network mask is 255.255.255.255.
• host and dstip. Specify that you use a hostname (host) and enter
the name (dstip). The destination network mask is 0.0.0.0.
Note:
This option is available only if the protocolkey is tcp.
Specifies that the IP ACL rule must match one or more flags.
If the flag name is preceded by a plus (for example, +fin), a match
occurs if the specified flag is set in the TCP header.
If the flag name is preceded by a minus (for example, -fin), a match
occurs if the specified flag is not set in the TCP header.
Enter the optional established keyword to specify that a match must
occur if either the RST or ACK bits are set in the TCP header.
Quality of Service (QoS) Commands
261
Hide quick links:
Advertisement
Chapters
Table of Contents
