H3C S7500E Series Command Manual page 1096

Command Manual – ACL
H3C S7500E Series Ethernet Switches
Chapter 1 ACL Configuration Commands

Table 1-5 TCP/UDP-specific parameters for advanced IPv4 ACL rules

Parameters: source-port operator port1 [ port2 ]
Function: Defines a UDP or TCP source port against which UDP or TCP packets are matched.

Parameters: destination-port operator port1 [ port2 ]
Function: Defines a UDP or TCP destination port against which UDP or TCP packets are matched.

Description (source-port and destination-port):
The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), and range (inclusive range).

port1, port2: TCP or UDP port number, represented by a number in the range 0 to 65535.

TCP port number can be represented in words as follows: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), or www (80).

UDP port number can be represented in words as follows: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), xdmcp (177).

With the range operator, the value of port2 does not need to be greater than that of port1 because the switch can automatically judge the value range. If the two values are the same, the switch will convert the operator range to eq.

Note that if you specify a combination of lt 1 or gt 65534, the switch will convert it to eq 0 or eq 65535.

Parameters: established
Function: Defines the rule for TCP connection packets.
Description: A rule defined with this keyword matches TCP connection packets with the ack flag set.

If the protocol argument is set to icmp, you may define the parameters in the following table.
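The operator rules of Table 1-5, modelled as an added Python example (not H3C code and not part of the manual), for checking how many ports a source-port or destination-port clause actually matches when reviewing an ACL. The function names are hypothetical, and the keyword maps are a subset of the lists in the table.

```python
# Added illustration of the operator rules in Table 1-5; not H3C code.
# Keyword maps are a subset of the table; keywords are valid per protocol.
TCP_NAMES = {"domain": 53, "ftp": 21, "ftp-data": 20, "smtp": 25,
             "telnet": 23, "www": 80, "cmd": 514}
UDP_NAMES = {"dns": 53, "ntp": 123, "snmp": 161, "snmptrap": 162,
             "syslog": 514, "tftp": 69}
MAX_PORT = 65535

def resolve(proto, token):
    """Map a keyword or decimal string to a port number for tcp or udp."""
    names = {"tcp": TCP_NAMES, "udp": UDP_NAMES}[proto]
    if token in names:
        return names[token]
    if not token.isdigit() or int(token) > MAX_PORT:
        raise ValueError(f"not a valid {proto} port: {token!r}")
    return int(token)

def normalize(proto, operator, port1, port2=None):
    """Return the converted form of an 'operator port1 [ port2 ]' clause."""
    p1 = resolve(proto, port1)
    if operator == "range":
        if port2 is None:
            raise ValueError("range needs port2")
        lo, hi = sorted((p1, resolve(proto, port2)))  # order does not matter
        return ("eq", lo) if lo == hi else ("range", lo, hi)
    if operator not in ("lt", "gt", "eq", "neq"):
        raise ValueError(f"unknown operator: {operator!r}")
    if (operator, p1) == ("lt", 1):             # lt 1 becomes eq 0
        return ("eq", 0)
    if (operator, p1) == ("gt", MAX_PORT - 1):  # gt 65534 becomes eq 65535
        return ("eq", MAX_PORT)
    return (operator, p1)

def matches(rule, port):
    """True if a packet's port satisfies a normalized clause."""
    op, a, b = rule[0], rule[1], rule[-1]
    return {"lt": port < a, "gt": port > a, "eq": port == a,
            "neq": port != a, "range": a <= port <= b}[op]

def port_count(rule):
    """How many of the 65536 ports a normalized clause matches."""
    return sum(matches(rule, p) for p in range(MAX_PORT + 1))

if __name__ == "__main__":
    for clause in [("tcp", "range", "www", "21"), ("udp", "range", "dns", "53"),
                   ("tcp", "lt", "1"), ("tcp", "neq", "telnet")]:
        rule = normalize(*clause)
        print(clause, "->", rule, "matches", port_count(rule), "ports")
```

A neq clause matches every port except one, which is worth flagging when it appears in a permit rule.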
