4000 Router Series ACL and QoS Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

Parameters Function Descri

tion

logging Logs matching packets.

This function requires that the module (for example, packet

filtering) that uses the ACL supports logging.

routing [ type

routing-type ]

Specifies routing header

types.

routing-type: Value of the routing header type, in the range

of 0 to 255.

If you specify the type routing-type option, the rule applies

to the specified type of routing header. Otherwise, the rule

applies to any type of routing header.

time-range

time-range-name

Specifies a time range for

the rule.

The time-range-name argument is a case-insensitive string

of 1 to 32 characters. It must start with an English letter. If

the time range is not configured, the system creates the

rule. However, the rule using the time range can take effect

only after you configure the timer range.

For more information about time range, see ACL and QoS

Configuration Guide.

vpn-instance

vpn-instance-name

Applies the rule to a VPN

instance.

The vpn-instance-name argument is a case-sensitive string

of 1 to 31 characters.

If no VPN instance is specified, the rule applies only to

non-VPN packets.

If the protocol argument is tcp (6) or udp (17), set the parameters shown in Table 11.

Table 11 TCP/UDP-specific parameters for IPv6 advanced ACL rules

Parameters Function Descri

tion

source-port

operator port1

[ port2 ]

Specifies one or more

UDP or TCP source

ports.

The operator argument can be lt (lower than), gt (greater than), eq

(equal to), neq (not equal to), or range (inclusive range).

The port1 and port2 arguments are TCP or UDP port numbers in the

range of 0 to 65535. port2 is needed only when the operator

argument is range.

TCP port numbers can be represented as: chargen (19), bgp (179),

cmd (514), daytime (13), discard (9), dns (53), echo (7), exec

(512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname

(101), irc (194), klogin (543), kshell (544), login (513), lpd (515),

nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111),

tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois

(43), and www (80).

UDP port numbers can be represented as: biff (512), bootpc (68),

bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag

(434), mobilip-mn (435), nameserver (42), netbios-dgm (138),

netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp

(161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65),

talk (517), tftp (69), time (37), who (513), and xdmcp (177).

destination-port

operator port1

[ port2 ]

Specifies one or more

UDP or TCP

destination ports.

{ ack ack-value

| fin fin-value |

psh psh-value |

rst rst-value |

syn syn-value |

urg urg-value }

Specifies one or more

TCP flags, including

ACK, FIN, PSH, RST,

SYN, and URG.

Parameters specific to TCP.

The value for each argument can be 0 (flag bit not set) or 1 (flag bit

set).

The TCP flags in a rule are ORed. For example, a rule configured

with ack 0 psh 1 matches packets that have the ACK flag bit not set

or the PSH flag bit set.