HP 6125XLG Command Reference Manual page 25

Parameters Function
tos tos Specifies a ToS preference.
dscp dscp Specifies a DSCP priority.
Applies the rule to only
fragment
non-first fragments.
logging Logs matching packets.
time-range Specifies a time range for the
time-range-name rule.
Applies the rule to packets in a
vpn-instance
vpn-instance-name VPN instance.
If the protocol argument is tcp (6) or udp (7), set the parameters shown in
Table 8 TCP/UDP-specific parameters for IPv4 advanced ACL rules
Parameters Function
source-port Specifies one or
operator port1 more UDP or TCP
[ port2 ] source ports.
destination-port Specifies one or
operator port1 more UDP or TCP
[ port2 ] destination ports.
Description
The tos argument can be a number in the range of 0 to
15, or in words: max-reliability (2), max-throughput
(4), min-delay (8), min-monetary-cost (1), or normal
(0).
The dscp argument can be a number in the range of 0 to
63, or in words: af11 (10), af12 (12), af13 (14), af21
(18), af22 (20), af23 (22), af31 (26), af32 (28), af33
(30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16),
cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default
(0), or ef (46).
Without this keyword, the rule applies to all fragments
and non-fragments.
This function requires that the module (for example,
packet filtering) that uses the ACL supports logging.
The time-range-name argument is a case-insensitive
string of 1 to 32 characters. It must start with an English
letter. If the time range is not configured, the system
creates the rule. However, the rule using the time range
can take effect only after you configure the timer range.
For more information about time range, see ACL and
QoS Configuration Guide.
The vpn-instance-name argument is a case-sensitive
string of 1 to 31 characters.
If no VPN instance is specified, the rule applies only to
non-VPN packets.
Description
The operator argument can be lt (lower than), gt (greater than), eq
(equal to), neq (not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in the
range of 0 to 65535. port2 is needed only when the operator
argument is range.
TCP port numbers can be represented as: chargen (19), bgp (179),
cmd (514), daytime (13), discard (9), domain (53), echo (7), exec
(512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname
(101), irc (194), klogin (543), kshell (544), login (513), lpd (515),
nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs
(49), talk (517), telnet (23), time (37), uucp (540), whois (43), and
www (80).
UDP port numbers can be represented as: biff (512), bootpc (68),
bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag
(434), mobilip-mn (435), nameserver (42), netbios-dgm (138),
netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp
(161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65),
talk (517), tftp (69), time (37), who (513), and xdmcp (177).
20
Table 8.