3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 3 Access Control List Configuration Commands
3Com Corporation
operator: Optional, comparison operator applied to the port number of the source or
destination address. The operators and their meanings are as follows: lt (lower than),
gt (greater than), eq (equal to), neq (not equal to) and range (between). If the operator
is range, two port numbers should follow it. The other operators need only one port
number.
port1, port2: Optional, port number of TCP or UDP, expressed by name or number. The
number range is from 0 to 65535.
dscp dscp: Specifies a DSCP field, the DS byte in IP packets.
established: Matches the TCP packets with the ACK and/or RST flag, including the
TCP packets of these types: SYN+ACK, ACK, FIN+ACK, RST, RST+ACK.
precedence: Optional, a number ranging from 0 to 7, or a name. Packets can be
filtered according to the precedence field.
tos tos: Optional, a number ranging from 0 to 15 or a name. Packets can be filtered
according to type of service.
logging: Optional, indicating whether to log qualified packets. The log contents include
sequence number of ACL rule, packets passed or discarded, upper layer protocol type
over IP, source/destination address, source/destination port number, and number of
packets.
time-range time-name: Specifies that the ACL is valid in this time range.
fragment: Specifies that this rule is only valid for the fragment packets that are not the
first fragment. A matching rule specified without this keyword cannot match fragments.
interface interface-type interface-number: Specifies the interface information of the
packets. If no interface is specified, all interfaces can be matched. any represents all
interfaces.
vpn-instance: Optional, specifies a vpn-instance. If it is not specified, the ACL rule is
invalid for packets in all vpn-instances. If it is specified, the ACL rule is valid only for the
specified vpn-instance.
vpn-instance-name: Specifies the name of an existing vpn-instance.
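The port operators and the established keyword described above, modelled as an added Python example (not 3Com code and not device output). The helper names and sample packets are constructed for illustration, and treating range as inclusive of both port numbers is an assumption, since the text only says "between".

```python
# Added illustration: hypothetical helper names, constructed sample packets.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP header flag bits

def port_matches(operator, port, port1, port2=None):
    """Evaluate one port condition: lt, gt, eq, neq or range."""
    given = (port1,) if port2 is None else (port1, port2)
    if any(not 0 <= p <= 65535 for p in given):
        raise ValueError("port numbers run from 0 to 65535")
    if operator == "range":
        if port2 is None:
            raise ValueError("range needs two port numbers")
        return port1 <= port <= port2  # assumption: both ends inclusive
    if port2 is not None:
        raise ValueError(operator + " takes one port number")
    tests = {"lt": port < port1, "gt": port > port1,
             "eq": port == port1, "neq": port != port1}
    if operator not in tests:
        raise ValueError("unknown operator: " + operator)
    return tests[operator]

def is_established(flags):
    """True when ACK and/or RST is set. Only flags are examined, not state."""
    return bool(flags & (ACK | RST))

def rule_matches(rule, pkt):
    """Check a TCP packet against destination-port and established conditions."""
    if "dport" in rule:
        operator, *ports = rule["dport"]
        if not port_matches(operator, pkt["dport"], *ports):
            return False
    if rule.get("established") and not is_established(pkt["flags"]):
        return False
    return True

def matching(rule, packets):
    """Names of the packets that the rule matches, in input order."""
    return [p["name"] for p in packets if rule_matches(rule, p)]

# Constructed packets: the five flag combinations listed for established,
# a bare SYN, and an ACK aimed at a port the operator excludes.
PACKETS = [
    {"name": "SYN", "flags": SYN, "dport": 40000},
    {"name": "SYN+ACK", "flags": SYN | ACK, "dport": 40000},
    {"name": "ACK", "flags": ACK, "dport": 40000},
    {"name": "FIN+ACK", "flags": FIN | ACK, "dport": 40000},
    {"name": "RST", "flags": RST, "dport": 40000},
    {"name": "RST+ACK", "flags": RST | ACK, "dport": 40000},
    {"name": "ACK to port 22", "flags": ACK, "dport": 22},
]
RULE = {"dport": ("gt", 1023), "established": True}
```

The bare SYN is the only high-port packet the rule does not match, which is why established is used to let return traffic in while refusing new inbound connections.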
In the undo rule command:
rule-id: ID of an ACL rule; it should be an existing ACL rule number. If the command is
not followed by other parameters, this ACL rule will be deleted completely; otherwise,
only part of the information related to this ACL rule will be deleted.
comment text: Specifies a comment for each rule.
source: Optional. Only the information settings related to the source address part of
the ACL rule number will be deleted.
destination: Optional. Only the information settings related to the destination address
part of the ACL rule number will be deleted.