R3303-HP 6600/HSR6600 Routers ACL and QoS Command Reference

| Parameters | Function | Description |
|---|---|---|
| tos tos | Specifies a ToS preference | The tos argument can be a number in the range of 0 to 15, or in words, max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0). |
| dscp dscp | Specifies a DSCP priority | The dscp argument can be a number in the range of 0 to 63, or in words, af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). |
| logging | Logs matching packets | This function requires that the module (for example, a firewall) that uses the ACL supports logging. |
| reflective | Specifies that the rule be reflective | A rule with the reflective keyword can be defined only for TCP, UDP, or ICMP packets and can only be a permit statement. |
| vpn-instance vpn-instance-name | Applies the rule to a VPN instance | The vpn-instance-name argument takes a case-sensitive string of 1 to 31 characters. If no VPN instance is specified, the rule applies only to non-VPN packets. |
| fragment | Applies the rule to only non-first fragments | Without this keyword, the rule applies to all fragments and non-fragments. |
| time-range time-range-name | Specifies a time range for the rule | The time-range-name argument takes a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. |
NOTE:
If you provide the precedence or tos keyword in addition to the dscp keyword, only the dscp keyword takes effect.
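
The following Python sketch is an added example, not code from HP or from this reference. It models how the optional keywords in the table above narrow what a rule matches: dscp overriding precedence and tos, fragment matching only non-first fragments, and a rule without vpn-instance matching only non-VPN packets. The Rule and Packet classes, the 0 to 7 range for precedence, and the bit positions inside the IPv4 ToS byte (RFC 791, RFC 1349 and RFC 2474 layout) are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional

# Keyword values copied from the parameter table above.
TOS = {"normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
       "max-throughput": 4, "min-delay": 8}
DSCP = {"default": 0, "ef": 46,
        "af11": 10, "af12": 12, "af13": 14, "af21": 18, "af22": 20, "af23": 22,
        "af31": 26, "af32": 28, "af33": 30, "af41": 34, "af42": 36, "af43": 38,
        **{f"cs{i}": 8 * i for i in range(1, 8)}}

def resolve(value, names, upper):
    """Accept a keyword or a number and return an int in 0..upper."""
    n = names[value] if value in names else int(value)
    if not 0 <= n <= upper:
        raise ValueError(f"{value!r} is outside 0..{upper}")
    return n

@dataclass
class Rule:                      # hypothetical model, not the router's own data structure
    dscp: Optional[str] = None
    tos: Optional[str] = None
    precedence: Optional[str] = None   # numeric only here; 0..7 is assumed from RFC 791
    fragment: bool = False
    vpn_instance: Optional[str] = None

@dataclass
class Packet:                    # constructed sample fields
    tos_byte: int = 0
    frag_offset: int = 0         # non-zero means a non-first fragment
    vpn_instance: Optional[str] = None

def options_match(rule, pkt):
    """True when the packet satisfies the rule's optional match keywords."""
    # No vpn-instance on the rule means non-VPN packets only; names are case-sensitive.
    if rule.vpn_instance != pkt.vpn_instance:
        return False
    # fragment keyword: first fragments and unfragmented packets never match.
    if rule.fragment and pkt.frag_offset == 0:
        return False
    # dscp given: precedence and tos on the same rule are ignored (see NOTE).
    if rule.dscp is not None:
        return pkt.tos_byte >> 2 == resolve(rule.dscp, DSCP, 63)
    if rule.tos is not None and (pkt.tos_byte >> 1) & 0xF != resolve(rule.tos, TOS, 15):
        return False
    if rule.precedence is not None and pkt.tos_byte >> 5 != resolve(rule.precedence, {}, 7):
        return False
    return True
```

When auditing a rule set, the cases worth checking are rules that carry both dscp and tos, deny rules with fragment (they leave first fragments to later rules), and rules without vpn-instance on devices that forward VPN traffic.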
If the protocol argument takes tcp (6) or udp (7), set the parameters shown in Table 7.
Table 7 TCP/UDP-specific parameters for IPv4 advanced ACL rules
| Parameters | Function | Description |
|---|---|---|
| source-port operator port1 [ port2 ] | Specifies one or more UDP or TCP source ports. | The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). |