Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches
Chapter 1 ACL Commands
Huawei Technologies Proprietary
1-37
source-addr wildcard | any: source-addr wildcard is the source IP address and source address wildcard, expressed in dotted decimal notation. any represents any source address.
fragment: Indicates that the rule takes effect on fragmented packets only and will be ignored for other packets.
The parameters of advanced ACL:
protocol: Defines the protocol type, which can be given by name or by number. By name, this parameter can be icmp, igmp, tcp, udp, ip, gre, ospf or ipinip. If this parameter is ip, it means all the IP protocols. By number, this parameter can be 1 ~ 255.
source-addr wildcard | any: source-addr wildcard is the source IP address and source address wildcard, expressed in dotted decimal notation. any represents any source address.
dest-addr wildcard | any: dest-addr wildcard is the destination IP address and destination address wildcard, expressed in dotted decimal notation. any represents any destination address.
source-port operator port1 [ port2 ]: Defines the source TCP or UDP port number. Here, operator is the port comparison operator: eq (equal to), gt (greater than), lt (less than), neq (not equal to), or range (within a certain range). Note: This parameter is available only when the protocol parameter is TCP or UDP.
port1 [ port2 ]: TCP or UDP port number of packets, expressed as a name or a number. Numbers are in the range of 0 to 65535; for names, refer to the mnemonic symbol table.
destination-port operator port1 [ port2 ]: Defines the destination TCP or UDP port number. operator port1 [ port2 ] has the same meaning as in the source-port parameter above.
Note:
When you activate a rule with predefined TCP/UDP source and destination port ranges on the S3552 series, the switch can automatically divide the rule into several rules so that each port range has the form [A*2^n, (A+1)*2^n - 1], where both A and n are integers. If this produces more than 64 rules, the rule cannot be activated and the switch reports the failure.
The S3552 series switches do not support the icmp-type type code parameters when configuring ACL rules.
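
The port-range splitting described in the note, as an added Python example (not taken from the manual), useful for checking before deployment whether a planned rule stays within the 64-rule limit. It assumes the switch uses the minimal split and that a rule with both a source and a destination range expands to one rule per pair of blocks; the manual does not state how the two ranges combine.

```python
"""Split TCP/UDP port ranges into aligned blocks [A*2^n, (A+1)*2^n - 1]."""

MAX_RULES = 64  # activation limit stated in the note


def split_range(lo, hi):
    """Return the minimal list of (start, end) aligned blocks covering lo..hi."""
    if not (0 <= lo <= hi <= 65535):
        raise ValueError("ports must satisfy 0 <= lo <= hi <= 65535")
    blocks = []
    while lo <= hi:
        # Largest block size the alignment of lo allows (lo == A * size).
        size = lo & -lo if lo else 1 << 16
        # Halve it until the block no longer runs past hi.
        while lo + size - 1 > hi:
            size >>= 1
        blocks.append((lo, lo + size - 1))
        lo += size
    return blocks


def expanded_rule_count(src=(0, 65535), dst=(0, 65535)):
    """Assumed model: one rule per (source block, destination block) pair."""
    return len(split_range(*src)) * len(split_range(*dst))


def can_activate(src=(0, 65535), dst=(0, 65535)):
    """True if the expanded rule count stays within the 64-rule limit."""
    return expanded_rule_count(src, dst) <= MAX_RULES


if __name__ == "__main__":
    # Constructed sample ranges, not taken from the manual.
    samples = [
        ((1024, 65535), (1000, 2000)),
        ((1, 65535), (1000, 2000)),
    ]
    for src, dst in samples:
        n = expanded_rule_count(src, dst)
        state = "ok" if n <= MAX_RULES else "cannot be activated"
        print(f"source {src} x destination {dst}: {n} rules, {state}")
```

Ranges whose bounds fall on power-of-two boundaries split into few blocks, while a range such as 1 to 65534 splits into 30, so aligning range bounds is the practical way to keep a rule activatable.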
established: Used when protocol is tcp to indicate that the rule takes effect on the first SYN packet that establishes a TCP connection.