Command Reference Guide

ManualsBrandsHP ManualsMoonshot SystemsHP Moonshot-45G Switch Module

661

662

663

664

665

666

667

668

669

670

IP Access Control List Commands

CLI Command Reference

September 2014 Page 664

HP Moonshot Switch Module CLI Command Reference

every

Match every packet.

{icmp|igmp|ip|tcp|udp|0–255}

Specifies the protocol to filter for an extended IP ACL rule.

srcip srcmask

Specifies a source IP address and source netmask for match condition

of the IP ACL rule.

[{eq {portkey | 0-65535}]

Specifies the source layer 4 port match condition for the IP ACL rule.

You can use the port number, which ranges from 0-65535, or you

specify the

portkey, which can be one of the following keywords:

domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and

www. Each of these keywords translates into its equivalent port

number, which is used as both the start and end of a port range.

dstip dstmask

Specifies a destination IP address and netmask for match condition of

the IP ACL rule.

[precedence precedence | tos tos

tosmask | dscp dscp]

Specifies the TOS for an IP ACL rule depending on a match of

precedence or DSCP values using the parameters dscp, precedence,

tos/tosmask.

[log]

Specifies that this rule is to be logged.

[time-range time-range-name]

Allows imposing time limitation on the ACL rule as defined by the

parameter time-range-name. If a time range with the specified name

does not exist and the ACL containing this ACL rule is applied to an

interface or bound to a VLAN, then the ACL rule is applied

immediately. If a time range with specified name exists and the ACL

containing this ACL rule is applied to an interface or bound to a VLAN,

then the ACL rule is applied when the time-range with specified name

becomes active. The ACL rule is removed when the time-range with

specified name becomes inactive. For information about configuring

time ranges, see “Time Range Commands for Time-Based ACLs” on

page 676.

[assign-queue queue-id]

Specifies the assign-queue, which is the queue identifier to which

packets matching this rule are assigned.

[{mirror | redirect} unit/slot/

port]

The mirror or redirect interface which is the unit/slot/port to which

packets matching this rule are copied or forwarded, respectively.

Table 14: ACL Command Parameters (Cont.)

Parameter Description