4000 Router Series ACL and QoS Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router

Parameters Function Descri

tion

tos tos Specifies a ToS preference.

The tos argument can be a number in the range of 0 to

15, or in words: max-reliability (2), max-throughput

(4), min-delay (8), min-monetary-cost (1), or normal

(0).

dscp dscp Specifies a DSCP priority.

The dscp argument can be a number in the range of 0 to

63, or in words: af11 (10), af12 (12), af13 (14), af21

(18), af22 (20), af23 (22), af31 (26), af32 (28), af33

(30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16),

cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default

(0), or ef (46).

fragment

Applies the rule to only

non-first fragments.

Without this keyword, the rule applies to all fragments

and non-fragments.

logging Logs matching packets.

This function requires that the module (for example,

packet filtering) that uses the ACL supports logging.

time-range

time-range-name

Specifies a time range for the

rule.

The time-range-name argument is a case-insensitive

string of 1 to 32 characters. It must start with an English

letter. If the time range is not configured, the system

creates the rule. However, the rule using the time range

can take effect only after you configure the timer range.

For more information about time range, see ACL and

QoS Configuration Guide.

vpn-instance

vpn-instance-name

Applies the rule to a VPN

instance.

The vpn-instance-name argument is a case-sensitive

string of 1 to 31 characters.

If no VPN instance is specified, the rule applies only to

non-VPN packets.

If the protocol argument is tcp (6) or udp (7), set the parameters shown in Table 7.

Table 7 TCP/UDP-specific parameters for IPv4 advanced ACL rules

Parameters Function Descri

tion

source-port

operator port1

[ port2 ]

Specifies one or

more UDP or TCP

source ports.

The operator argument can be lt (lower than), gt (greater than), eq

(equal to), neq (not equal to), or range (inclusive range).

The port1 and port2 arguments are TCP or UDP port numbers in the

range of 0 to 65535. port2 is needed only when the operator

argument is range.

TCP port numbers can be represented as: chargen (19), bgp (179),

cmd (514), daytime (13), discard (9), dns (53), echo (7), exec (512),

finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc

(194), klogin (543), kshell (544), login (513), lpd (515), nntp (119),

pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk

(517), telnet (23), time (37), uucp (540), whois (43), and www (

80).

UDP port numbers can be represented as: biff (512), bootpc (68),

bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag

(434), mobilip-mn (435), nameserver (42), netbios-dgm (138),

netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp

(161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65),

talk (517), tftp (69), time (37), who (513), and xdmcp (177).

destination-port

operator port1

[ port2 ]

Specifies one or

more UDP or TCP

destination ports.