Users Guide
Layer 2 Switching Commands 278
•
[{{eq | neq | lt | gt} {portkey | number} | range startport endport}]
—
Specifies the layer 4 source or destination port match condition for the
TCP/UDP ACL rule. When the protocol is SCTP, TCP or UDP, a source or
destination port number, which ranges from 0-65535, or a portkey, which
can be one of the following keywords: domain, echo, ftp, ftp-data, http,
smtp, snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, who may be
entered. Each of these keywords translates into its equivalent destination
port number.
– When “range” is specified, IP ACL rule matches only if the layer 4
port number falls within the specified port range. The startport and
endport parameters identify the first and last ports that are part of the
port range. They have values from 0 to 65535. The ending port must
have a value equal or greater than the starting port. The starting port,
ending port, and all ports in between will be part of the layer 4 port
range.
– When “eq” is specified, IP ACL rule matches only if the layer 4 port
number is equal to the specified port number or portkey.
– When “lt” is specified, IP ACL rule matches if the layer 4 destination
port number is less than the specified port number or portkey. It is
equivalent to specifying the range as 0 to <specified port number –
1>.
– When “gt” is specified, IP ACL rule matches if the layer 4 destination
port number is greater than the specified port number or portkey. It is
equivalent to specifying the range as <specified port number + 1> to
65535.
– When “neq” is specified, IP ACL rule matches only if the layer 4
destination port number is not equal to the specified port number or
portkey.
– IPv4 TCP/UDP port names: domain, echo, ftp, ftp-data, http, smtp,
snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, who
• dstip dstmask | any | host dstip—Specifies a destination IP address and
netmask for match condition of the IP ACL rule.
– Specifying “any” implies specifying dstip as “0.0.0.0” and dstmask as
“255.255.255.255”.
– Specifying “host A.B.C.D” implies dstip as “A.B.C.D” and dstmask as
“0.0.0.0”.