R0106-HP MSR Router Series ACL and QoS Command Reference(V7)
| Parameters | Function | Description |
|---|---|---|
| time-range time-range-name | Specifies a time range for the rule. | The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide. |
| vpn-instance vpn-instance-name | Applies the rule to a VPN instance. | The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify any VPN instance, the rule applies only to non-VPN packets. |
If the protocol argument is tcp (6) or udp (7), set the parameters shown in Table 7.
Table 7 TCP/UDP-specific parameters for IPv4 advanced ACL rules
| Parameters | Function | Description |
|---|---|---|
| source-port { operator port1 [ port2 ] } | Specifies one or more UDP or TCP source ports. | The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). |
| destination-port { operator port1 [ port2 ] } | Specifies one or more UDP or TCP destination ports. | The operator, port1, and port2 arguments are the same as for source-port. |
| { ack ack-value \| fin fin-value \| psh psh-value \| rst rst-value \| syn syn-value \| urg urg-value } * | Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG. | Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ORed. For example, a rule configured with ack 0 psh 1 matches both packets that have the ACK flag bit not set and packets that have the PSH flag bit set. |
| established | Specifies the flags for indicating the established status of a TCP connection. | Parameter specific to TCP. The rule matches TCP connection packets with the ACK or RST flag bit set. |
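The flag and port matching semantics of Table 7, modelled in Python as an added example (not HP's code and not part of the original reference). Function names and sample packets are constructed for illustration, and the flag bit values are the standard TCP header ones. It shows that because flag conditions are ORed, a rule with ack 0 psh 1 also matches a bare SYN, while established does not.

```python
# Added model of the matching semantics in Table 7 (not Comware code).
# Flag bit positions are the standard TCP header values; names are assumptions.
TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}


def match_flags(rule_flags, pkt_flags):
    """rule_flags: dict such as {"ack": 0, "psh": 1}; pkt_flags: TCP flags byte.

    The conditions are ORed, as Table 7 states: one satisfied
    condition is enough for the rule to match.
    """
    for name, want in rule_flags.items():
        if want not in (0, 1):
            raise ValueError(f"{name} value must be 0 or 1")
        is_set = bool(pkt_flags & TCP_FLAGS[name])
        if is_set == bool(want):
            return True
    return False


def match_established(pkt_flags):
    """The established keyword: ACK or RST flag bit set."""
    return bool(pkt_flags & (TCP_FLAGS["ack"] | TCP_FLAGS["rst"]))


def match_port(operator, port, port1, port2=None):
    """Port operators from Table 7; range is inclusive and needs port2."""
    for p in (port1, port2):
        if p is not None and not 0 <= p <= 65535:
            raise ValueError("port out of range 0-65535")
    if operator == "range":
        if port2 is None:
            raise ValueError("range requires port2")
        return port1 <= port <= port2
    ops = {"lt": port < port1, "gt": port > port1,
           "eq": port == port1, "neq": port != port1}
    return ops[operator]


# Constructed sample packets (flags byte only).
SAMPLES = {"SYN": 0x02, "SYN-ACK": 0x12, "PSH-ACK": 0x18, "ACK": 0x10, "RST": 0x04}

if __name__ == "__main__":
    rule = {"ack": 0, "psh": 1}
    for label, flags in SAMPLES.items():
        print(f"{label:8} ack0/psh1={match_flags(rule, flags)} "
              f"established={match_established(flags)}")
```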
If the protocol argument is icmp (1), set the parameters shown in Table 8.