Users Guide
Layer 2 Switching Commands 559
data, http, ntp, pop2, pop3, rip, smtp, snmp, telnet, tftp, telnet, time, who
and www. Each of these keywords translates into its equivalent destination
port number.
– When “range” is specified, IPv6 ACL rule matches only if the layer 4
port number falls within the specified port range. The startport and
endport parameters identify the first and last ports that are part of the
port range. They have values from 0 to 65535. The ending port must
have a value equal or greater than the starting port. The starting port,
ending port, and all ports in between will be part of the layer 4 port
range.
– When “eq” is specified, IPv6 ACL rule matches only if the layer 4 port
number is equal to the specified port number or portkey.
– When “lt” is specified, IPv6 ACL rule matches if the layer 4
destination port number is less than the specified port number or
portkey. It is equivalent to specifying the range as 0 to <specified port
number – 1>.
– When “gt” is specified, IPv6 ACL rule matches if the layer 4
destination port number is greater than the specified port number or
portkey. It is equivalent to specifying the range as <specified port
number + 1> to 65535.
– When “neq” is specified, IPv6 ACL rule matches only if the layer 4
destination port number is not equal to the specified port number or
portkey.
– IPv6 TCP port names: bgp, domain, echo, ftp, ftp-data, http, smtp,
telnet, www, pop2, pop3
– IPv6 UDP port names: domain, echo, ntp, rip, snmp, time, who
• destination-ipv6-prefix/prefix-length | any | host destination-ipv6-
address—Specifies a destination IP address and netmask for match
condition of the IP ACL rule.
– For IPv6 ACLs, “any” implies 0::/128 prefix and a mask of all ones.
– Specifying host implies prefix length as “/128” and a mask of 0::/128.
•[dscp dscp]—Specifies a match of DSCP values.
• flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack]
[+urg | -urg] [established]—Specifies that the IP/TCP/UDP ACL rule
matches on the TCP flags.