Command Manual – ACL
H3C S7500E Series Ethernet Switches
Chapter 1 ACL Configuration Commands
1-31
Table 1-10
TCP/UDP-specific match criteria for advanced IPv6 ACL rules
Parameters
Function
Description
source-port
operator port1
[
port2
]
Defines the
source port in
the UDP/TCP
packet.
destination-port
operator port1
[
port2
]
Defines the
destination
port in the
UDP/TCP
packet.
The
operator
argument can be
lt
(lower than),
gt
(greater than),
eq
(equal to), or
range
(inclusive range).
The
port1
and
port2
arguments each specify a
TCP or UDP port, represented by a number in
the range 0 to 65535. TCP port number can
be represented in words as follows:
chargen
(19),
bgp
(179),
cmd
(514),
daytime
(13),
discard
(9),
domain
(53),
echo
(7),
exec
(512),
finger
(79),
ftp
(21),
ftp-data
(20),
gopher
(70),
hostname
(101),
irc
(194),
klogin
(543),
kshell
(544),
login
(513),
lpd
(515),
nntp
(119),
pop2
(109),
pop3
(110),
smtp
(25),
sunrpc
(111),
tacacs
(49),
talk
(517),
telnet
(23),
time
(37),
uucp
(540),
whois
(43), or
www
(80).
UDP port number can be represented in
words as follows:
biff
(512),
bootpc
(68),
bootps
(67),
discard
(9),
dns
(53),
dnsix
(90),
echo
(7),
mobilip-ag
(434),
mobilip-mn
(435),
nameserver
(42),
netbios-dgm
(138),
netbios-ns
(137),
netbios-ssn
(139),
ntp
(123),
rip
(520),
snmp
(161),
snmptrap
(162),
sunrpc
(111),
syslog
(514),
tacacs-ds
(65),
talk
(517),
tftp
(69),
time
(37),
who
(513),
xdmcp
(177).
With the
range
operator, the value of
port2
does not need to be greater than that of
port1
because the switch can automatically judge
the value range. If the two values are the
same, the switch will convert the operator
range
to
eq
.
Note that if you specify a combination of
lt
1 or
gt
65534, the switch will convert it to
eq
0 or
eq
65535.
If the
protocol
argument is set to ICMPv6, you may define the parameters in the
following table.