F3215-HP Load Balancing Module Security Command Reference-6PW101
30
Parameters Function Descri
p
tion
dscp dscp
Specifies a DSCP
preference.
The dscp argument can be a number in the range of 0 to
63, or in words, af11 (10), af12 (12), af13 (14), af21
(18), af22 (20), af23 (22), af31 (26), af32 (28), af33
(30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3
(24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or
ef (46).
flow-label
flow-label-value
Specifies a flow label value
in an IPv6 packet header.
The flow-label-value argument is in the range of 0 to
1048575.
logging Logs matching packets.
This function requires that the module that uses the ACL
supports logging.
routing [ type
routing-type ]
Specifies the type of routing
header.
The routing-type argument takes a value in the range of 0
to 255.
If no routing type header is specified, the rule applies to the
IPv6 packets with any type of routing header.
fragment
Applies the rule to only
non-first fragments.
Without this keyword, the rule applies to all fragments and
non-fragments.
time-range
time-range-name
Specifies a time range for
the rule.
The time-range-name argument takes a case-insensitive
string of 1 to 32 characters. It must start with an English
letter. If the time range is not configured, the system creates
the rule. However, the rule using the time range can take
effect only after you configure the timer range.
vpn-instance
vpn-instance-name
Applies the rule to packets
in a VPN instance.
The vpn-instance-name argument takes a case-sensitive
string of 1 to 31 characters.
If no VPN instance is specified, the rule applies to non-VPN
packets.
If the protocol argument takes tcp (6) or udp (17), set the parameters shown in Table 10.
Table 10 TCP/UDP-specific parameters for IPv6 advanced ACL rules
Parameters Function Descri
p
tion
source-port
operator port1
[ port2 ]
Specifies one or more
UDP or TCP source
ports.
The operator argument can be lt (lower than), gt (greater than), eq
(equal to), neq (not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in the
range of 0 to 65535. port2 is needed only when the operator
argument is range.
TCP port numbers can be represented as: chargen (19), bgp (179),
cmd (514), daytime (13), discard (9), domain (53), echo (7), exec
(512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname
(101), irc (194), klogin (543), kshell (544), login (513), lpd (515),
nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111),
tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois
(43), and www (80).
UDP port numbers can be represented as: biff (512), bootpc
(
68),
bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag
(434), mobilip-mn (435), nameserver (42), netbios-dgm (138),
netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp
(161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65),
talk (517), tftp (69), time (37), who (513), and xdmcp (177).
destination-port
operator port1
[ port2 ]
Specifies one or more
UDP or TCP
destination ports.