Users Guide
712 Access Control Lists
continued
– When range is specified, the TCP or UDP ACL rule matches only if the layer-4 port number falls within the specified port range. The startport and endport parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal to or greater than the starting port. The starting port, ending port, and all ports in between will be part of the layer-4 port range.
– When eq is specified, the IP ACL rule matches only if the layer-4 port number is equal to the specified port number or portkey.
– When lt is specified, the IP ACL rule matches if the layer-4 source or destination port number is less than the specified port number or portkey. It is equivalent to specifying the range as 0 to <specified port number – 1>.
– When gt is specified, the IP ACL rule matches if the layer-4 source or destination port number is greater than the specified port number or portkey. It is equivalent to specifying the range as <specified port number + 1> to 65535.
– When neq is specified, the IP ACL rule matches only if the layer-4 source or destination port number is not equal to the specified port number or portkey.
– IPv4 TCP/UDP port names: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, and who.
• dstip dstmask | any | host dstip—Specifies a destination IP address and netmask for match condition of the IP ACL rule.
– Specifying any implies specifying dstip as “0.0.0.0” and dstmask as “255.255.255.255”.
– Specifying host A.B.C.D implies dstip as “A.B.C.D” and dstmask as “0.0.0.0”.
• [precedence precedence | tos tos [tosmask] | dscp dscp]—Specifies the TOS for an IP/TCP/UDP ACL rule depending on a match of precedence or DSCP values using the parameters dscp, precedence, or tos tosmask.
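The following Python sketch is an added example, not code from this guide or from the switch software. It models the port operators and the dstip/dstmask matching described above so that a rule can be checked offline before it is applied. The function names are hypothetical, the port numbers are the standard IANA assignments (the guide lists only the names), and the mask is treated as a wildcard mask in which 1 bits are ignored, as the any and host equivalences above imply.

```python
import ipaddress

# Standard IANA numbers for the port names listed above (assumed; the guide
# gives only the names, not the numbers).
PORTKEYS = {"domain": 53, "echo": 7, "ftp": 21, "ftp-data": 20, "http": 80,
            "smtp": 25, "snmp": 161, "telnet": 23, "tftp": 69, "www": 80,
            "bgp": 179, "pop2": 109, "pop3": 110, "ntp": 123, "rip": 520,
            "time": 37, "who": 513}

def _port(value):
    """Resolve a port number or portkey to an integer in 0..65535."""
    port = PORTKEYS[value] if value in PORTKEYS else int(value)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {value}")
    return port

def port_ranges(op, *args):
    """Return the inclusive (start, end) port ranges that an operator covers."""
    if op == "range":
        start, end = _port(args[0]), _port(args[1])
        if end < start:
            raise ValueError("endport must be equal to or greater than startport")
        return [(start, end)]
    p = _port(args[0])
    table = {"eq": [(p, p)], "lt": [(0, p - 1)], "gt": [(p + 1, 65535)],
             "neq": [(0, p - 1), (p + 1, 65535)]}
    # Drop empty ranges, e.g. "lt 0" or "gt 65535" can never match.
    return [(s, e) for s, e in table[op] if s <= e]

def port_matches(port, op, *args):
    """True if a packet's layer-4 port satisfies the operator."""
    return any(s <= port <= e for s, e in port_ranges(op, *args))

def dst_matches(addr, *spec):
    """spec is ("any",), ("host", ip) or (dstip, dstmask)."""
    if spec[0] == "any":
        ip, mask = "0.0.0.0", "255.255.255.255"
    elif spec[0] == "host":
        ip, mask = spec[1], "0.0.0.0"
    else:
        ip, mask = spec
    # Bits set to 0 in the mask must match; bits set to 1 are ignored.
    care = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    packet, rule = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(ip))
    return (packet & care) == (rule & care)
```

Printing port_ranges for each rule of an ACL makes unintended gaps or overlaps between rules visible, for example a gt rule that silently excludes the boundary port itself.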
Command Purpose