Users Guide
Access Control Lists 701
– When range is specified, the TCP or UDP ACL rule
matches only if the layer-4 port number falls within the
specified port range. The startport and endport
parameters identify the first and last ports that are part
of the port range. They have values from 0 to 65535.
The ending port must have a value equal to or greater
than the starting port. The starting port, ending port,
and all ports in between will be part of the layer-4 port
range.
– When eq is specified, the IP ACL rule matches only if
the layer-4 port number is equal to the specified port
number or portkey.
– When lt is specified, the IP ACL rule matches if the
layer-4 source or destination port number is less than
the specified port number or portkey. It is equivalent to
specifying the range as 0 to <specified port number –
1>.
– When gt is specified, the IP ACL rule matches if the
layer-4 source or destination port number is greater
than the specified port number or portkey. It is
equivalent to specifying the range as <specified port
number + 1> to 65535.
– When neq is specified, the IP ACL rule matches only if
the layer-4 source or destination port number is not
equal to the specified port number or portkey.
– IPv4 TCP/UDP port names: domain, echo, ftp,
ftp-data, http, smtp, snmp, telnet, tftp, www, bgp, pop2,
pop3, ntp, rip, time, and who.
• dstip dstmask | any | host dstip—Specifies a destination
IP address and netmask for the match condition of the IP
ACL rule.
– Specifying any implies specifying dstip as “0.0.0.0” and
dstmask as “255.255.255.255”.
– Specifying host A.B.C.D implies dstip as “A.B.C.D”
and dstmask as “0.0.0.0”.
• [precedence precedence | tos tos [tosmask] | dscp
dscp]—Specifies the TOS for an IP/TCP/UDP ACL rule
depending on a match of precedence or DSCP values
using the parameters dscp, precedence, or tos tosmask.
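
The following Python model is an added example, not code from this guide or from the switch software. It shows how the eq, lt, gt, neq, and range operators reduce to inclusive port ranges and how the any and host shorthands expand to an address and mask. It assumes the mask is a wildcard mask (bits set to 1 are ignored), which is inferred from the any and host equivalences above. The function names and the PORTKEYS numbers (standard well-known ports for some of the listed names) are also assumptions.

```python
import ipaddress

MAX_PORT = 65535
# Assumed mapping: standard well-known ports for some of the listed port names.
PORTKEYS = {"domain": 53, "ftp": 21, "ftp-data": 20, "http": 80, "www": 80,
            "smtp": 25, "telnet": 23, "tftp": 69}

def port_ranges(op, port, endport=None):
    """Return the inclusive (low, high) port ranges that an operator matches."""
    port = PORTKEYS.get(port, port)          # accept a port number or a portkey
    if not isinstance(port, int) or not 0 <= port <= MAX_PORT:
        raise ValueError(f"bad port: {port!r}")
    below = [(0, port - 1)] if port > 0 else []                # lt: 0 .. port-1
    above = [(port + 1, MAX_PORT)] if port < MAX_PORT else []  # gt: port+1 .. 65535
    if op == "eq":
        return [(port, port)]
    if op == "lt":
        return below                         # "lt 0" matches nothing in this model
    if op == "gt":
        return above                         # "gt 65535" matches nothing either
    if op == "neq":
        return below + above                 # everything except the port itself
    if op == "range":
        if not isinstance(endport, int) or not port <= endport <= MAX_PORT:
            raise ValueError("endport must be >= startport and <= 65535")
        return [(port, endport)]
    raise ValueError(f"unknown operator: {op!r}")

def port_matches(l4port, op, port, endport=None):
    """True if the packet's layer-4 port satisfies the operator."""
    return any(lo <= l4port <= hi for lo, hi in port_ranges(op, port, endport))

def expand_addr(spec):
    """Expand 'any', 'host A.B.C.D' or 'A.B.C.D MASK' to an (ip, mask) pair."""
    words = spec.split()
    if words == ["any"]:
        return "0.0.0.0", "255.255.255.255"
    if len(words) == 2 and words[0] == "host":
        return words[1], "0.0.0.0"
    if len(words) == 2:
        return words[0], words[1]
    raise ValueError(f"bad address spec: {spec!r}")

def addr_matches(packet_ip, spec):
    """Wildcard-mask comparison (assumed): mask bits set to 1 are not compared."""
    ip, mask = (int(ipaddress.IPv4Address(x)) for x in expand_addr(spec))
    care = ~mask & 0xFFFFFFFF                # bits that must be equal
    return (int(ipaddress.IPv4Address(packet_ip)) & care) == (ip & care)
```

Expanding a rule's operators this way before deployment makes boundary mistakes visible, for example a gt rule that was meant to include the named port.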
Command Purpose