R3204P16-HP Load Balancing Module Security Command Reference-6PW101

| Parameters | Function | Description |
|---|---|---|
| dscp dscp | Specifies a DSCP priority | The dscp argument can be a number in the range 0 to 63, or in words, af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). |
| logging | Logs matching packets | This function requires that the module (for example, a firewall) that uses the ACL supports logging. |
| reflective | Specifies that the rule be reflective | A rule with the reflective keyword can be defined only for TCP, UDP, or ICMP packets and can only be a permit statement. |
| fragment | Applies the rule to only non-first fragments | Without this keyword, the rule applies to all fragments and non-fragments. |
| time-range time-range-name | Specifies a time range for the rule | The time-range-name argument takes a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule; however, the rule using the time range can take effect only after you configure the time range. |
NOTE:
If you provide the precedence or tos keyword in addition to the dscp keyword, only the dscp keyword
takes effect.
If the protocol argument takes tcp (6) or udp (7), you can set the parameters shown in Table 5.
Table 5 TCP/UDP-specific parameters for IPv4 advanced ACL rules
| Parameters | Function | Description |
|---|---|---|
| source-port operator port1 [ port2 ] | Specifies one or more UDP or TCP source ports | The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented in these words: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented in these words: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). |
| destination-port operator port1 [ port2 ] | Specifies one or more UDP or TCP destination ports | |
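
When auditing ACL rules offline, it helps to evaluate exactly which ports an "operator port1 [ port2 ]" clause from Table 5 covers, keeping in mind that port keywords are protocol-specific (514 is cmd for TCP but syslog for UDP). The following Python is an added example, not HP's code: the function names are hypothetical, the keyword tables are a subset of those listed in Table 5, and swapping reversed range bounds is an assumption about device behavior.

```python
# Added example: evaluates the port-match operators described in Table 5.
# Keyword tables are a subset of the names listed in Table 5.
TCP_PORTS = {"bgp": 179, "cmd": 514, "domain": 53, "exec": 512, "ftp": 21,
             "login": 513, "smtp": 25, "telnet": 23, "www": 80}
UDP_PORTS = {"biff": 512, "dns": 53, "ntp": 123, "snmp": 161,
             "syslog": 514, "tftp": 69, "who": 513}
KEYWORDS = {"tcp": TCP_PORTS, "udp": UDP_PORTS}


def resolve_port(protocol, token):
    """Turn a port keyword or decimal string into an integer 0..65535."""
    table = KEYWORDS[protocol]
    if token.isdecimal():
        port = int(token)
    elif token in table:
        port = table[token]
    else:
        raise ValueError(f"{token!r} is not a {protocol} port keyword")
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} outside 0..65535")
    return port


def port_matcher(protocol, operator, port1, port2=None):
    """Return a predicate for 'operator port1 [ port2 ]' as Table 5 defines it."""
    # port2 is needed only when the operator is range.
    if (operator == "range") != (port2 is not None):
        raise ValueError("port2 is needed only when the operator is range")
    p1 = resolve_port(protocol, port1)
    if operator == "range":
        p2 = resolve_port(protocol, port2)
        lo, hi = min(p1, p2), max(p1, p2)     # assumption: reversed bounds are swapped
        return lambda port: lo <= port <= hi  # range is inclusive on both ends
    tests = {"lt": lambda port: port < p1, "gt": lambda port: port > p1,
             "eq": lambda port: port == p1, "neq": lambda port: port != p1}
    if operator not in tests:
        raise ValueError(f"unknown operator {operator!r}")
    return tests[operator]
```
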