3Com MSR 50 Network Router User Manual


Table 546 Parameters for advanced IPv4 ACL rules

| Parameter | Function | Description |
|---|---|---|
| reflective | Specifies the rule to be reflective. | A rule with the reflective keyword can be defined only for TCP, UDP, or ICMP packets, and its statement can only be permit. |
| vpn-instance vpn-instance-name | Specifies a VPN instance. | The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. |
| fragment | Indicates that the rule applies only to non-first fragments. | Without this keyword, the rule applies to both non-fragments and fragments. |
| time-range time-name | Specifies the time range in which the rule can take effect. | The time-name argument comprises 1 to 32 characters. It is case insensitive and must start with an English letter. To avoid confusion, this name cannot be all. |

If the protocol argument is set to tcp or udp, you may define the parameters in the following table.

Table 547 TCP/UDP-specific parameters for advanced IPv4 ACL rules

| Parameter | Function | Description |
|---|---|---|
| source-port operator port1 [ port2 ] | Defines a UDP or TCP source port against which UDP or TCP packets are matched. | The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), and range (inclusive range). port1, port2: TCP or UDP port number, represented by a number in the range 0 to 65535. TCP port numbers can be represented in words as follows: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), or www (80). UDP port numbers can be represented in words as follows: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), xdmcp (177). |
| destination-port operator port1 [ port2 ] | Defines a UDP or TCP destination port against which UDP or TCP packets are matched. | |
| established | Defines the rule for TCP connection packets. | A keyword specific to TCP. On a router, with this keyword, the rule matches TCP connection packets with the ACK or RST flag. |

If the protocol argument is set to icmp, you may define the parameters in the following table.
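As an added example (not part of the 3Com manual), the keyword constraints in Tables 546 and 547 can be checked against draft rule lines before they are applied to a router. The Python below assumes the general line shape `rule [id] {permit|deny} protocol ...`, which this page does not show; `lint_rule` and the sample rules are constructed for illustration.

```python
import re
TCP_NAMES = set("""chargen bgp cmd daytime discard domain echo exec finger ftp
ftp-data gopher hostname irc klogin kshell login lpd nntp pop2 pop3 smtp sunrpc
tacacs talk telnet time uucp whois www""".split())  # TCP keywords, Table 547
UDP_NAMES = set("""biff bootpc bootps discard dns dnsix echo mobilip-ag
mobilip-mn nameserver netbios-dgm netbios-ns netbios-ssn ntp rip snmp snmptrap
sunrpc syslog tacacs-ds talk tftp time who xdmcp""".split())  # UDP keywords
OPERANDS = {"lt": 1, "gt": 1, "eq": 1, "neq": 1, "range": 2}  # ports per operator
NAME_RE = {"time-range": r"(?i)(?!all$)[a-z]\S{0,31}",  # 1-32, letter first, not "all"
           "vpn-instance": r"\S{1,31}"}                  # 1-31 characters

def _is_port(tok, names):
    return tok in names or (tok.isdecimal() and int(tok) <= 65535)

def lint_rule(line):
    """Return the problems found in one advanced IPv4 ACL rule line."""
    # Assumed line shape (not shown on this page): rule [id] {permit|deny} protocol ...
    m = re.match(r"rule\s+(?:\d+\s+)?(permit|deny)\s+(\S+)(.*)", line.strip())
    if not m:
        return ["expected: rule [id] {permit|deny} protocol ..."]
    action, proto, t = m[1], m[2], m[3].split()
    names, problems, i = {"tcp": TCP_NAMES, "udp": UDP_NAMES}.get(proto), [], 0
    while i < len(t):
        kw, arg = t[i], (t[i + 1] if i + 1 < len(t) else "")
        if kw in ("source-port", "destination-port"):
            ports = t[i + 2:i + 2 + OPERANDS.get(arg, 0)]
            if names is None:
                problems.append(f"{kw} needs protocol tcp or udp")
            elif arg not in OPERANDS or len(ports) != OPERANDS[arg]:
                problems.append(f"{kw}: bad operator or missing port")
            elif not all(_is_port(p, names) for p in ports):
                problems.append(f"{kw}: not a valid {proto} port: {ports}")
            i += 1 + len(ports)          # skip the operator and its ports
        elif kw == "established" and proto != "tcp":
            problems.append("established is specific to TCP")
        elif kw == "reflective" and (action != "permit"
                                     or proto not in ("tcp", "udp", "icmp")):
            problems.append("reflective needs permit with tcp, udp or icmp")
        elif kw in NAME_RE:
            if not re.fullmatch(NAME_RE[kw], arg):
                problems.append(f"{kw}: invalid name {arg!r}")
            i += 1                       # skip the name argument
        i += 1
    return problems

SAMPLES = ["rule 0 permit tcp destination-port range ftp-data ftp established",
           "rule 5 permit tcp destination-port eq dns",
           "rule 9 deny udp established reflective time-range all"]  # constructed
for s in SAMPLES:
    print(s, "->", lint_rule(s) or "ok")
```

The second sample is flagged because `dns` is a UDP keyword in Table 547; the TCP keyword for port 53 is `domain`.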