H3C S7500E Series Command Manual page 1095

Command Manual – ACL
H3C S7500E Series Ethernet Switches
Parameters
tos tos
dscp dscp
logging
reflective
fragment
time-range
time-name
vpn-instance
vpn-instance-name
If the protocol argument is set to tcp or udp, you may define the parameters in the
following table.
Function
The tos argument can be a number in the
range 0 to 15, or in words,
Specifies a ToS
max-reliability (2), max-throughput
preference.
(4), min-delay (8), min-monetary-cost
(1), or normal (0).
The dscp argument can be a number in
the range 0 to 63, or in words, af11(10),
af12(12), af13(14), af21(18), af22(20),
Specifies a DSCP
af23(22), af31(26), af32(28), af33(30),
priority.
af41(34), af42(36), af43(38), cs1(8),
cs2(16), cs3(24), cs4(32), cs5(40),
cs6(48), cs7(56), default(0), or ef(46).
Specifies to log
––
matched packets.
A rule with the reflective keyword can be
Specifies the rule defined only for TCP, UDP, or ICMP
to be reflective.
packets and its statement can only be
permit.
A rule defined with the fragment
keyword matches non-last IP fragments
Specifies that the on an SA Series LPUs (for example,
rule applies to LSQ1FP48SA) or EA Series LPUs (for
only IP fragments. example, LSQ1GP12EA) while matching
non-first IP fragments on an SC Series
LPUs (for example, LSQ1GP24SC).
Specifies the time The time-name argument comprises 1 to
range in which the 32 characters. It is case insensitive and
rule can take must start with an English letter. To avoid
effect. confusion, this name cannot be all.
The vpn-instance-name argument is a
case-sensitive string of 1 to 31
Specifies a VPN
characters.
instance.
Without this combination, the rule applies
to only non-VPN packets.
1-15
Chapter 1 ACL Configuration Commands
Description