Access Security Guide K/KA/KB.15.15

neq <tcp/udp-port-nbr>
"Not Equal"; to have a match with the ACE entry, the TCP or UDP source port
number in a packet must not be equal to <tcp/udp-port-nbr>.
range <start-port-nbr> <end-port-nbr>
For a match with the ACE entry, the TCP or UDP source-port number in a packet
must be in the range from <start-port-nbr> to <end-port-nbr>.
Port number or well-known port name
Use the TCP or UDP port number required by your application.
The switch also accepts these well-known TCP or UDP port names as an alternative
to their port numbers:
TCP — bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp, ssl, telnet
UDP — bootpc, bootps, dns, ntp, radius, radius-old, rip, snmp, snmp-trap, tftp
To list the above names, press the [Shift] [?] key combination after entering
an operator. For a comprehensive listing of port numbers, visit
www.iana.org/assignments/port-numbers.
comparison-operator <tcp-dest-port> [established]
comparison-operator <udp-dest-port>
This option, if used, is entered immediately after the <DA> entry.
To specify a TCP or UDP port number:
1. select a comparison operator
2. enter the port number or a well-known port name
Comparison operators and well-known port names
These are the same as are used with the TCP/UDP source-port options, and are
listed earlier in this command description.
[established]
This option applies only where TCP is the configured protocol type. It blocks the
synchronizing packet associated with establishing a TCP connection in one direction
on a VLAN while allowing all other IPv4 traffic for the same type of connection in
the opposite direction. For example, a Telnet connection requires TCP traffic to move
both ways between a host and the target device. Simply applying a deny to inbound
Telnet traffic on a VLAN would prevent Telnet sessions in either direction because
responses to outbound requests would be blocked. However, by using the
established option, inbound Telnet traffic arriving in response to outbound Telnet
requests would be permitted, but inbound Telnet traffic trying to establish a
connection would be denied.
TCP control bits
In a given ACE for filtering TCP traffic you can configure one or more of these
options:
[ack] — Acknowledgement.
[fin] — Sender finished.
[rst] — Connection reset.
[syn] — TCP control bit: sequence number synchronize.
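The following Python model is an added illustration, not code from the guide or the switch firmware: it evaluates the port comparison operators, the well-known port names, the [established] option and the TCP control-bit options described above against constructed packets, using the page's Telnet scenario as the inbound ACL. The exact [established] semantics (match when ACK or RST is set, so a bare SYN never matches) and the eq/gt/lt operators from the earlier part of the command description are assumptions.

```python
from dataclasses import dataclass

# Well-known TCP port names listed on the page (UDP names omitted); constructed lookup table
TCP_NAMES = {"bgp": 179, "dns": 53, "ftp": 21, "http": 80, "imap4": 143, "ldap": 389,
             "nntp": 119, "pop2": 109, "pop3": 110, "smtp": 25, "ssl": 443, "telnet": 23}

def port_matches(operator, args, port):
    """Evaluate one comparison operator against a packet port; args may be numbers or names."""
    n = [TCP_NAMES[a] if isinstance(a, str) else int(a) for a in args]
    return {"eq": port == n[0], "neq": port != n[0], "gt": port > n[0],
            "lt": port < n[0], "range": n[0] <= port <= n[-1]}[operator]

@dataclass
class Packet:
    proto: str                        # "tcp" or "udp"
    src_port: int
    dst_port: int
    flags: frozenset = frozenset()    # TCP control bits set in the packet: ack, fin, rst, syn

@dataclass
class ACE:
    action: str                       # "permit" or "deny"
    proto: str                        # "tcp", "udp" or "ip"
    src: tuple = None                 # (operator, args) applied to the source port
    dst: tuple = None                 # (operator, args) applied to the destination port
    established: bool = False         # TCP only
    bits: frozenset = frozenset()     # TCP control bits the packet must have set (assumed)

def ace_matches(ace, pkt):
    ports_ok = (ace.proto in ("ip", pkt.proto)
                and (not ace.src or port_matches(*ace.src, pkt.src_port))
                and (not ace.dst or port_matches(*ace.dst, pkt.dst_port)))
    # Assumed [established] semantics: ACK or RST set, so a bare SYN falls to the next ACE
    est_ok = not ace.established or bool(pkt.flags & {"ack", "rst"})
    return ports_ok and est_ok and ace.bits <= pkt.flags

def evaluate(acl, pkt):
    for ace in acl:                   # first matching ACE decides
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"                     # implicit deny at the end of every ACL

# Inbound ACL for the page's Telnet scenario: returning Telnet traffic carries ACK; a new SYN to 23 is denied
INBOUND = [
    ACE("permit", "tcp", established=True),
    ACE("deny", "tcp", dst=("eq", ("telnet",))),
    ACE("deny", "udp", dst=("range", (1, 1023))),   # no inbound UDP to privileged ports
    ACE("permit", "ip"),
]
```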
268 IPv4 Access Control Lists (ACLs)