3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

Introduction to ACL
protocol: Protocol carried over IP, specified by name or number. The number
ranges from 1 to 255. The name can be gre, icmp, igmp, ip, ipinip, ospf, tcp,
or udp.
source: Optional parameter that specifies the source address information of
the ACL rule. If it is not configured, any source address of the packet
matches.
source-addr: Source address of data packet, in dotted decimal.
destination: Optional parameter that specifies the destination address
information of the ACL rule. If it is not configured, any destination
address of the packet matches.
dest-addr: Destination address of data packet, in dotted decimal.
dest-wildcard: Destination address wildcard, in dotted decimal.
any: Represents all source or destination addresses. It is the same as
setting the source or destination address to 0.0.0.0 and the wildcard to
255.255.255.255.
icmp-type: Optional parameter that specifies the ICMP packet type and
message code information. It is valid only when the packet protocol is ICMP.
If it is not configured, any type of ICMP packet matches.
icmp-type: ICMP packets can be filtered according to the ICMP message type.
It is a number ranging from 0 to 255.
icmp-code: ICMP packets filtered according to ICMP message type can also be
filtered according to message code. It is a number ranging from 0 to 255.
icmp-message: ICMP packets can be filtered according to the names of ICMP
message types, or the names of ICMP message types and ICMP message codes.
source-port: Optional parameter that specifies the source port information
of the UDP or TCP packet. It is valid only when the protocol specified by the
rule is TCP or UDP. If it is not specified, any source port of the TCP/UDP
packet matches.
destination-port: Optional parameter that specifies the destination port
information of the UDP or TCP packet. It is valid only when the protocol
specified by the rule is TCP or UDP. If it is not specified, any
destination port of the TCP/UDP packet matches.
operator: Optional parameter. The operator used to compare the port numbers
of the source/destination address. The operator names and meanings are as
follows: lt (lower than), gt (greater than), eq (equal to), neq (not equal
to) and range (between). Only "range" needs two port numbers as operands;
the others need only one port number.
port1, port2: Optional parameter, port number of TCP or UDP, represented by
name or number, with the number ranging from 0 to 65535.
dscp dscp: Specifies a DSCP field (the DS byte in IP packets). This keyword is
mutually exclusive with the precedence keyword and the tos keyword.
established: Matches all TCP packets with the ACK or RST flag set, including
SYN+ACK, ACK, FIN+ACK, RST and RST+ACK packets.
precedence: Optional parameter. Data packets can be filtered according to
precedence, given as a number ranging from 0 to 7 or as a name. This keyword
is mutually exclusive with the dscp keyword.
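
The matching semantics described above (address wildcards, the any keyword,
port operators and established) can be modelled as follows. This is an added
example, not code from the guide or the switch software. Assumptions: wildcard
bits set to 1 are ignored (consistent with any = 0.0.0.0 255.255.255.255),
range includes both end ports, the name ip covers every IP protocol, and the
dictionary layout and function names are hypothetical.

```python
import ipaddress

# TCP flag bits as defined in the TCP header.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
ANY = ("0.0.0.0", "255.255.255.255")  # what the "any" keyword stands for

def addr_match(addr, rule_addr, wildcard):
    """Assumption: wildcard bits set to 1 are ignored, bits set to 0 must agree."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (r & care)

def port_match(port, operator, port1, port2=None):
    """lt, gt, eq and neq take one port number; only range takes two."""
    if operator == "range":
        return port1 <= port <= port2  # assumption: both ends are inclusive
    tests = {"lt": port < port1, "gt": port > port1,
             "eq": port == port1, "neq": port != port1}
    return tests[operator]

def established(tcp_flags):
    """True when ACK or RST is set (SYN+ACK, ACK, FIN+ACK, RST, RST+ACK)."""
    return bool(tcp_flags & (ACK | RST))

def rule_match(pkt, rule):
    """Parameters left out of the rule match any packet, as with omitted keywords."""
    # Assumption: the protocol name "ip" covers every IP protocol.
    if rule["protocol"] != "ip" and pkt["protocol"] != rule["protocol"]:
        return False
    for side in ("source", "destination"):
        if side in rule and not addr_match(pkt[side], *rule[side]):
            return False
        key = side + "-port"
        if key in rule and not port_match(pkt[key], *rule[key]):
            return False
    return not rule.get("established") or established(pkt.get("flags", 0))

# Constructed sample rule and packet (not taken from the guide).
RULE = {"protocol": "tcp", "source": ("10.1.0.0", "0.0.255.255"),
        "destination": ANY, "destination-port": ("range", 1024, 65535),
        "established": True}
REPLY = {"protocol": "tcp", "source": "10.1.7.9", "destination": "192.0.2.5",
         "source-port": 443, "destination-port": 50000, "flags": SYN | ACK}
```

A bare SYN from the same source does not match RULE, because the established
keyword excludes segments that carry neither ACK nor RST.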