3Com Switch 8800 Family IPsec Module Configuration and Command Reference Guide

318 CHAPTER 18: ACCESS CONTROL LIST CONFIGURATION COMMANDS
rule-id: ID of an ACL rule, optional, ranging from 0 to 65534. If you specify a
rule-id and an ACL rule with that ID already exists, the newly defined rule
overwrites the existing rule, as if you were editing it. If the rule-id you
specify does not exist, a new rule with the specified rule-id is created. If you
do not specify a rule-id, a new rule is created and the system assigns a rule-id
to it automatically.
deny: Discards matched packets.
permit: Permits matched packets.
protocol: Protocol type carried over IP, expressed by name or number. The number
ranges from 0 to 255, and the name can be GRE, ICMP, IGMP, IP, IPINIP, OSPF, TCP
or UDP.
source: Optional. Specifies the source address information of the ACL rule. If it
is not configured, packets with any source address match.
sour-addr: Source IP address of packets in dotted decimal format.
sour-wildcard: Source address wildcard in dotted decimal format.
destination: Optional. Specifies the destination address information of the ACL
rule. If it is not configured, packets with any destination address match.
dest-addr: Destination IP address of packets in dotted decimal format.
dest-wildcard: Destination address wildcard in dotted decimal format.
any: Represents the source or destination address 0.0.0.0 with the wildcard
255.255.255.255.
icmp-type: Optional. Specifies the ICMP packet type and ICMP message code. Valid
only when the packet protocol is ICMP. If it is not configured, any ICMP packet
matches.
icmp-type: ICMP message type used to filter ICMP packets. It is a number ranging
from 0 to 255.
icmp-code: ICMP message code. ICMP packets that are filtered by ICMP message type
can also be filtered by message code. It is a number ranging from 0 to 255.
icmp-message: ICMP packets can be filtered according to ICMP message type or
ICMP message code.
source-port: Optional. Specifies the source port information of UDP or TCP
packets. Valid only when the protocol specified by the rule is TCP or UDP. If it
is not specified, TCP/UDP packets with any source port match.
destination-port: Optional. Specifies the destination port information of UDP or
TCP packets. Valid only when the protocol specified by the rule is TCP or UDP. If
it is not specified, TCP/UDP packets with any destination port match.
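
The following is an added example, not taken from the 3Com guide. It evaluates a single rule against packets to show how the wildcard (1 bits are ignored, as the `any` definition implies) and every omitted optional field widen what a rule matches. The dict layout, the function names, the single-port equality test and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

TCP, UDP, ICMP = 6, 17, 1                    # IANA protocol numbers
ANY = ("0.0.0.0", "255.255.255.255")         # the `any` keyword, as defined above

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF                   # wildcard 1-bits are "don't care"
    return (a & care) == (b & care)

def rule_matches(rule, pkt):
    """Evaluate one rule (a dict, hypothetical layout) against one packet."""
    proto = rule["protocol"]
    ports = [k for k in ("source-port", "destination-port") if k in rule]
    if ports and proto not in (TCP, UDP):
        raise ValueError("port fields are valid only for TCP or UDP")
    if "icmp-type" in rule and proto != ICMP:
        raise ValueError("icmp-type is valid only for ICMP")
    if pkt["protocol"] != proto:
        return False
    for side in ("source", "destination"):   # omitted address field = any
        base, wildcard = rule.get(side, ANY)
        if not wildcard_match(pkt[side], base, wildcard):
            return False
    for key in ports:                        # omitted port field = any port
        if pkt.get(key) != rule[key]:
            return False
    if "icmp-type" in rule:                  # (type, code); omitted = any ICMP
        if (pkt.get("icmp-type"), pkt.get("icmp-code")) != rule["icmp-type"]:
            return False
    return True

# Constructed sample: SSH from 10.1.0.0/16, destination deliberately omitted.
RULE = {"action": "permit", "protocol": TCP,
        "source": ("10.1.0.0", "0.0.255.255"), "destination-port": 22}
PACKETS = [  # constructed packets, documentation address ranges
    {"protocol": TCP, "source": "10.1.200.7", "destination": "192.0.2.10", "destination-port": 22},
    {"protocol": TCP, "source": "10.1.3.9", "destination": "198.51.100.4", "destination-port": 22},
    {"protocol": TCP, "source": "10.2.0.1", "destination": "192.0.2.10", "destination-port": 22},
    {"protocol": UDP, "source": "10.1.3.9", "destination": "192.0.2.10", "destination-port": 22},
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p["source"], "->", p["destination"], rule_matches(RULE, p))
```

The second packet matches even though it targets a different host: with no destination in the rule, the permit covers every destination address.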