3com 8807 Guia De Referência
226
C
HAPTER
16: ACL C
OMMANDS
source { source-addr wildcard | any }: source-addr wildcard specifies the source IP
address and wildcard digit of source address represented in dotted decimal
notation. any represents all source addresses.
address and wildcard digit of source address represented in dotted decimal
notation. any represents all source addresses.
fragment: It is only effective to fragmented messages and is ignored by
non-fragmented messages.
non-fragmented messages.
vpn-instance instance-name: VPN instance name. The specified MPLS VPN
packets will be identified if this parameter is selected.
packets will be identified if this parameter is selected.
■
Parameters specific to advanced ACLs:
protocol: Specifies the protocol type which is represented by a name or a number.
For name format, the options include icmp, igmp, tcp, udp, ip, gre, ospf, ipinip
etc. The IP parameter represents all IP protocols. For number format, the value
ranges from 1 to 255.
For name format, the options include icmp, igmp, tcp, udp, ip, gre, ospf, ipinip
etc. The IP parameter represents all IP protocols. For number format, the value
ranges from 1 to 255.
source { source-addr wildcard | any }: source-addr wildcard specifies the source IP
address and wildcard digit of source address represented, in dotted decimal
notation. any represents all source addresses.
address and wildcard digit of source address represented, in dotted decimal
notation. any represents all source addresses.
destination { dest-addr wildcard | any }: dest-addr wildcard specifies the
destination IP address and wildcard digit of destination address represented, in
dotted decimal notation. any represents all destination addresses.
destination IP address and wildcard digit of destination address represented, in
dotted decimal notation. any represents all destination addresses.
source-port operator port1 [ port2 ]: Source TCP or UDP port ID of the packet.
operator means port operator, with options including eq (equal to), gt (greater
than), lt (less than), neq (not equal to) and range (in the range of). Note that it
appears only when the protocol parameter is set as TCP or UDP. port1 [ port2 ]
stands for source TCP or UDP port ID of the packet, in characters or digits. Digital
value ranges from 0 to 65535. For character options, see the port ID mnemonic
symbol list. Only for the range operator, both port1 and port2 are active. For the
rest operators, only port1 is required.
operator means port operator, with options including eq (equal to), gt (greater
than), lt (less than), neq (not equal to) and range (in the range of). Note that it
appears only when the protocol parameter is set as TCP or UDP. port1 [ port2 ]
stands for source TCP or UDP port ID of the packet, in characters or digits. Digital
value ranges from 0 to 65535. For character options, see the port ID mnemonic
symbol list. Only for the range operator, both port1 and port2 are active. For the
rest operators, only port1 is required.
destination-port operator port1 [ port2 ]: Destination TCP or UDP port ID of the
packet. See source-port operator port1 [ port2 ] for detailed description.
packet. See source-port operator port1 [ port2 ] for detailed description.
icmp-type type code: It is active when the protocol is set as icmp. type code
specifies an ICMP packet. type indicates ICMP packet type, in characters or digits.
The digital value ranges from 0 to 255. code is ICMP code, which is active when
ICMP is selected and the ICMP packet type is expressed in the numeral format. It
ranges from 0 to 255. This parameter is used to define an EACL.
specifies an ICMP packet. type indicates ICMP packet type, in characters or digits.
The digital value ranges from 0 to 255. code is ICMP code, which is active when
ICMP is selected and the ICMP packet type is expressed in the numeral format. It
ranges from 0 to 255. This parameter is used to define an EACL.
Table 31 Relationship of type and code
ICMP packet type (TYPE)
ICMP packet type (TYPE)
ICMP code (CODE)
echo
8
0
echo
0
0
fragmentneed-DFset
3
4
host-redirect
5
1
host-tos-redirect
5
3
host-unreachable
3
1
information-reply
16
0