Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring ACLs (Rev. 03)
Overview
© 2008 Foundry Networks, Inc
Page 18 of 50
eq
(Optional). Compares source or destination ports (equal).
If the operator is positioned after the
source
and
source-wildcard
, it must
match the source port.
If the operator is positioned after the
destination
and
destination-wildcard
,
it must match the destination port.
port
(Optional). The decimal number or name of a TCP or UDP port. A port
number is a number from 0 to 65535. Valid TCP and UDP port names are
listed below (see
Table 10
for TCP port valid literal values and
Table 11
for UDP port valid literal values).
TCP port names can only be used when filtering TCP. UDP port names
can only be used when filtering UDP.
vpt
<
priority
>
(Optional). The VLAN Priority Tag (VPT) in the VLAN tag header.
Priority values range from 0 to 7.
established
(Optional). For the TCP protocol only: Indicates an established
connection. A match occurs if the TCP datagram has the ACK or RST bits
set. The non-matching case is that of the initial TCP datagram to form a
connection.
provider-vlan
<
vlan-id
>
(Optional). Specifies the provider VLAN identifier in the range <1-4093>.
The
provider-vlan
option is applied to the tls uplink interface in order to
match the external VLAN.
vlan <vlan-id>
(Optional). Specifies a VLAN ID number, in the range <1-4093>.
<wildcard mask>
(Optional). Specifies the VLAN mask in hexadecimal format.
untagged
(Optional). Enables matching only on the untagged frames. When the
untagged option is not specified, all tagged and untagged frames will be
matched.
provider-vpt
<priority>
(Optional). Specifies the VLAN Priority Tag (VPT) in the provider VLAN
tag header in the range <0-7>. The
provider-vpt
option is applied to the
tls uplink interface in order to match the external VLAN priority tag.
The provider and/or user VLAN identifiers can be defined for all TLS packets, which are received
on the uplink interface.
The user VLAN identifiers can be specified for all TLS packets, which are received on the user
interface.
Table 6: Valid Precedence Literal Values
Valid Literal Value
Description
Value
critical
Match packets with critical precedence
5
flash
Match packets with flash precedence
3
flash-override
Match packets with flash override precedence
4
immediate
Match packets with immediate precedence
2
internet
Match packets with internetwork control precedence
6
network
Match packets with network control precedence
7
priority
Match packets with priority precedence
1