R21xx-HP FlexFabric 11900 ACL and QoS Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

Table 7 Match criteria and other rule information for IPv4 advanced ACL rules

Parameters Function Descri

tion

source

{ source-address

source-wildcard |

any }

Specifies a source address.

The source-address source-wildcard arguments

represent a source IP address and wildcard mask in

dotted decimal notation. An all-zero wildcard specifies

a host address.

The any keyword specifies any source IP address.

destination

{ dest-address

dest-wildcard |

any }

Specifies a destination

address.

The dest-address dest-wildcard arguments represent a

destination IP address and wildcard mask in dotted

decimal notation. An all-zero wildcard specifies a host

address.

The any keyword represents any destination IP address.

counting

Counts the number of times the

IPv4 advanced ACL rule has

been matched.

The counting keyword enables match counting specific

to rules, and the hardware-count keyword in the

packet-filter command enables match counting for all

rules in an ACL. If the counting keyword is not specified,

matches for the rule are not counted.

precedence

Specifies an IP precedence

value.

The precedence argument can be a number in the range

of 0 to 7, or in words, routine (0), priority (1),

immediate (2), flash (3), flash-override (4), critical (5),

internet (6), or network (7).

tos tos Specifies a ToS preference.

The tos argument can be a number in the range of 0 to

15, or in words, max-reliability (2), max-throughput

(4), min-delay (8), min-monetary-cost (1), or normal

(0).

dscp dscp Specifies a DSCP priority.

The dscp argument can be a number in the range of 0 to

63, or in words, af11 (10), af12 (12), af13 (14), af21

(18), af22 (20), af23 (22), af31 (26), af32 (28), af33

(30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16),

cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default

(0), or ef (46).

fragment

Applies the rule to only

non-first fragments.

Without this keyword, the rule applies to all fragments

and non-fragments.

logging Logs matching packets.

This function requires that the module (for example,

packet filtering) that uses the ACL supports logging.

time-range

time-range-name

Specifies a time range for the

rule.

The time-range-name argument takes a case-insensitive

string of 1 to 32 characters. It must start with an English

letter. If the time range is not configured, the system

creates the rule. However, the rule using the time range

can take effect only after you configure the timer range.

For more information about time range, see ACL and

QoS Configuration Guide.

vpn-instance

vpn-instance-name

Applies the rule to packets in a

VPN instance.

The vpn-instance-name argument takes a case-sensitive

string of 1 to 31 characters.

If no VPN instance is specified, the rule applies only to

non-VPN packets.

If the protocol argument takes tcp (6) or udp (7), set the parameters shown in Table 8.