Administrator Guide
Layer 2 Switching Commands 272
– When “neq” is specified, IP ACL rule matches only if the layer 4
destination port number is not equal to the specified port number or
portkey.
– IPv4 TCP/UDP port names: domain, echo, ftp, ftp-data, http, smtp,
snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, who
• dstip dstmask | any | host dstip—Specifies a destination IP address and
netmask for match condition of the IP ACL rule.
– Specifying “any” implies specifying dstip as “0.0.0.0” and dstmask as
“255.255.255.255”.
– Specifying “host A.B.C.D” implies dstip as “A.B.C.D” and dstmask as
“0.0.0.0”.
•
[precedence precedence | tos tos [tosmask] | dscp dscp]—
Specifies the
TOS for an IP/TCP/UDP ACL rule depending on a match of precedence
or DSCP values using the parameters dscp, precedence, or tos tosmask.
• flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack]
[+urg | -urg] [established]—Specifies that the IP/TCP/UDP ACL rule
matches on the TCP flags.
– Ack – Acknowledgment bit
– Fin – Finished bit
– Psh – push bit
– Rst – reset bit
– Syn – Synchronize bit
– Urg – Urgent bit
– When “+<tcpflagname>” is specified, a match occurs if specified
<tcpflagname> flag is set in the TCP header.
– When “-<tcpflagname>” is specified, a match occurs if specified
<tcpflagname> flag is *NOT* set in the TCP header.
– When “established” is specified, a match occurs if either the RST or
ACK bits are set in the TCP header.
– This option is visible only if protocol is “tcp”.
•
[icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-
message] —
Specifies a match condition for ICMP packets.