HP VPN Firewall Appliances Network Management Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

261

262

263

264

265

266

267

268

269

270

243

update acl [ ipv6 ] { acl-number | name acl-name }: Specifies a new ACL by its number or name to

replace the ACL already referenced by the class.

Table 51 The value range for the

match-criteria

argument

word and ar

ument combination Descri

tion

acl [ ipv6 ] { acl-number | name acl-name }

Matches an ACL.

The acl-number argument is in the range of 2000 to 4999 for an

IPv4 ACL, and 2000 to 3999 or 10000 to 42767 for an IPv6

ACL.

The acl-name argument is a case-insensitive string of 1 to 63

characters, which must start with an English letter from a to z or A

to Z, and to avoid confusion, it cannot be all.

any Matches all packets.

dscp dscp-list

Matches DSCP values.

The dscp-list argument is a list of up to eight DSCP values. A DSCP

value ranges from 0 to 63.

destination-mac mac-address Matches a destination MAC address.

customer-dot1p 8021p-list

Matches the 802.1p priority of the customer network.

The 8021p-list argument is a list of up to eight 802.1p priority

values. An 802.1p priority ranges from 0 to 7.

ip-precedence ip-precedence-list

Matches IP precedence.

The ip-precedence-list argument is a list of up to eight IP

precedence values. An IP precedence ranges from 0 to 7.

local-precedence local-precedence-list

Matches local precedence.

The local-precedence-list argument is a list of up to eight local

precedence values. A local precedence ranges from 0 to 7.

qos-local-id local-id-value Matches a local QoS ID, which ranges from 1 to 4095.

source-mac mac-address Matches a source MAC address.

1. Defining an ACL-based match criterion

If the ACL referenced in the if-match command does not exist, the class cannot be applied to

hardware.

For a class, you can reference an ACL twice by its name and number with the if-match command,

respectively.

2. Defining a criterion to match a destination MAC address

You can configure multiple destination MAC address match criteria for a class.

A destination MAC address match criterion is significant only to Ethernet interfaces.

3. Defining a criterion to match a source MAC address

You can configure multiple source MAC address match criteria for a class.

A criterion to match a source MAC address is significant only to Ethernet interfaces.

4. Defining a criterion to match DSCP values

{ You can configure multiple DSCP match criteria for a class. All defined DSCP values are

automatically sorted in ascending order.