Manualshelf

F3215-HP Load Balancing Module Security Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
31323334353637383940
23
[ icmp-code ] | icmp-message } | logging | precedence precedence | reflective | source
{ source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range
time-range-name | tos tos | vpn-instance vpn-instance-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination |
destination-port | dscp | fragment | icmp-type | logging | precedence | reflective | source |
source-port | time-range | tos | vpn-instance ] *
Default
An IPv4 advanced ACL does not contain any rule.
Views
IPv4 advanced ACL view
Default command level
2: System level
Parameters
rule-id: Specifies a rule ID, in the range of 0 to 65534. If no rule ID is provided when you create an ACL
rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the
numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is
5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
protocol: Protocol carried by IPv4. It can be a number in the range of 0 to 255, or in words, gre (47),
icmp (1) , igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17) . Table 5 de
scribes the parameters that you
can spec
ify regardless of the value that the protocol argument takes.
Table 5 Match criteria and other rule information for IPv4 advanced ACL rules
Parameters Function Descri
p
tion
source
{ source-address
source-wildcard |
any }
Specifies a source address
The source-address source-wildcard arguments
represent a source IP address and wildcard mask in
dotted decimal notation. An all-zero wildcard specifies
a host address.
The any keyword specifies any source IP address.
destination
{ dest-address
dest-wildcard |
any }
Specifies a destination
address
The dest-address dest-wildcard arguments represent a
destination IP address and wildcard mask in dotted
decimal notation. An all-zero wildcard specifies a host
address.
The any keyword represents any destination IP address.
counting
Counts the number of times the
ACL rule has been matched.
This option is disabled by
default.
Rule counting is always enabled in the current software
version even if you do not specify this keyword.
precedence
precedence
Specifies an IP precedence
value
The precedence argument can be a number in the range
of 0 to 7, or in words, routine (0), priority (1),
immediate (2), flash (3), flash-override (4), critical (5),
internet (6), or network (7).