R3303-HP 6600/HSR6600 Routers ACL and QoS Command Reference

| Parameters | Function | Description |
|---|---|---|
| routing [ type routing-type ] | Specifies the type of routing header. | The routing-type argument takes a value in the range of 0 to 255. If no routing type header is specified, the rule applies to the IPv6 packets with any type of routing header. |
| fragment | Applies the rule to only non-first fragments. | Without this keyword, the rule applies to all fragments and non-fragments. |
| time-range time-range-name | Specifies a time range for the rule. | The time-range-name argument takes a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. |
| vpn-instance vpn-instance-name | Applies the rule to a VPN instance. | The vpn-instance-name argument takes a case-sensitive string of 1 to 31 characters. If no VPN instance is specified, the rule applies to non-VPN packets. |

If the protocol argument takes tcp (6) or udp (17), set the parameters shown in Table 11.
Table 11 TCP/UDP-specific parameters for IPv6 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| source-port operator port1 [ port2 ] | Specifies one or more UDP or TCP source ports. | The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). |
| destination-port operator port1 [ port2 ] | Specifies one or more UDP or TCP destination ports. | Same operator, port1, and port2 arguments as source-port. |
| { ack ack-value \| fin fin-value \| psh psh-value \| rst rst-value \| syn syn-value \| urg urg-value } * | Specifies one or more TCP flags, including ACK, FIN, PSH, RST, SYN, and URG. | Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). |
| established | Specifies the flags for indicating the established status of a TCP connection. | Parameter specific to TCP. The rule matches TCP connection packets with the ACK or RST flag bit set. |
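
The following Python model is an added example, not code from the router or from this manual. It evaluates the Table 11 port operators, per-protocol port keywords, and the established keyword against constructed packets. The function names, the dictionary layout of rules and packets, and the sample values are assumptions made for illustration.

```python
# Added example: a model of the Table 11 match parameters, not device code.
# Keyword tables are subsets of the lists in Table 11; note 514 is cmd on TCP, syslog on UDP.
TCP_NAMES = {"cmd": 514, "exec": 512, "login": 513, "telnet": 23, "www": 80}
UDP_NAMES = {"syslog": 514, "biff": 512, "who": 513, "ntp": 123, "snmp": 161}

def resolve_port(proto, value):
    """Turn a keyword or number into a port; keywords are looked up per protocol."""
    names = TCP_NAMES if proto == "tcp" else UDP_NAMES
    port = names[value] if value in names else int(value)  # ValueError on unknown keyword
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port

def port_match(proto, operator, port1, port2=None, *, actual):
    """Apply lt / gt / eq / neq / range to the packet's actual port."""
    p1 = resolve_port(proto, port1)
    if operator == "range":
        if port2 is None:
            raise ValueError("range needs port2")
        return p1 <= actual <= resolve_port(proto, port2)  # inclusive at both ends
    tests = {"lt": actual < p1, "gt": actual > p1, "eq": actual == p1, "neq": actual != p1}
    return tests[operator]

def established_match(flags):
    """established looks only at flag bits: ACK or RST set, no connection state."""
    return bool({"ack", "rst"} & set(flags))

def rule_match(rule, pkt):
    """Return True when every parameter present in the rule matches the packet."""
    if rule["proto"] != pkt["proto"]:
        return False
    for side in ("source-port", "destination-port"):
        if side in rule and not port_match(rule["proto"], *rule[side], actual=pkt[side]):
            return False
    if rule.get("established") and not established_match(pkt.get("flags", ())):
        return False
    return True

# Constructed rule and packets (not taken from the manual).
RULE = {"proto": "tcp", "source-port": ("eq", "www"), "destination-port": ("gt", 1023), "established": True}
REPLY = {"proto": "tcp", "source-port": 80, "destination-port": 50000, "flags": {"ack"}}
SYN_ONLY = {"proto": "tcp", "source-port": 80, "destination-port": 50000, "flags": {"syn"}}

if __name__ == "__main__":
    print(rule_match(RULE, REPLY), rule_match(RULE, SYN_ONLY))
```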