Quick Reference Guide
262 ACL Commands
a
portkey
, which can be one of the following keywords: domain, echo, ftp,
ftp-data, http, smtp, snmp, telnet, tftp, and www. Each of these keywords
translates into its equivalent destination port number.
– When “range” is specified, IP ACL rule matches only if the layer 4
port number falls within the specified portrange. The
startport
and
endport
parameters identify the first and last ports that are part of the
port range. They have values from 0 to 65535. The ending port must
have a value equal or greater than the starting port. The starting port,
ending port, and all ports in between will be part of the layer 4 port
range.
– When “eq” is specified, IP ACL rule matches only if the layer 4 port
number is equal to the specified port number or portkey.
– When “lt” is specified, IP ACL rule matches if the layer 4 destination
port number is less than the specified port number or portkey. It is
equivalent to specifying the range as 0 to <specified port number –
1>.
– When “gt” is specified, IP ACL rule matches if the layer 4 destination
port number is greater than the specified port number or portkey. It is
equivalent to specifying the range as <specified port number + 1> to
65535.
– When “neq” is specified, IP ACL rule matches only if the layer 4
destination port number is not equal to the specified port number or
portkey.
– IPv4 TCP port names
: bgp, domain, echo, ftp, ftp-data, http, smtp,
telnet, www, pop2, pop3
– IPv4 UDP port names:
domain, echo, ntp, rip, snmp, tftp, time, who
•
dstip
dstmask
|
any | host
dstip
—Specifies a destination IP address and
netmask for match condition of the IP ACL rule.
– Specifying “any” implies specifying
dstip
as “0.0.0.0” and
dstmask
as
“255.255.255.255”.
– Specifying “host A.B.C.D” implies
dstip
as “A.B.C.D” and
dstmask
as
“0.0.0.0”.
•
[precedence
precedence
| tos
tos
[
tosmask
] | dscp
dscp
]—
Specifies the TOS
for an IP/TCP/UDP ACL rule depending on a match of precedence or
DSCP values using the parameters dscp, precedence, or tos tosmask.
2CSNXXX_SWUM200.book Page 262 Tuesday, December 10, 2013 1:22 PM