
Command Manual – QoS/ACL
Quidway S8500 Series Routing Switches
Chapter 1 ACL Commands
protocol: Specifies the protocol type, given as a name or a number. In name format, the options include icmp, igmp, tcp, udp, ip, gre, ospf, ipinip, etc. The ip parameter represents all IP protocols. In number format, the value ranges from 1 to 255.
source { source-addr wildcard | any }: source-addr wildcard specifies the source IP address and the wildcard of the source address, in dotted decimal notation. any represents all source addresses.
destination { dest-addr wildcard | any }: dest-addr wildcard specifies the destination IP address and the wildcard of the destination address, in dotted decimal notation. any represents all destination addresses.
source-port operator port1 [ port2 ]: Source TCP or UDP port ID of the packet. operator is the port operator, with options including eq (equal to), gt (greater than), lt (less than), neq (not equal to) and range (in the range of). Note that it appears only when the protocol parameter is set to TCP or UDP. port1 [ port2 ] stands for the source TCP or UDP port ID of the packet, in characters or digits. The numeric value ranges from 0 to 65535. For character options, see the port ID mnemonic symbol list. Both port1 and port2 are used only with the range operator. For the other operators, only port1 is required.
destination-port operator port1 [ port2 ]: Destination TCP or UDP port ID of the packet. See source-port operator port1 [ port2 ] for a detailed description.
icmp-type type code: Active when the protocol is set to icmp. type code specifies an ICMP packet. type indicates the ICMP packet type, in characters or digits. The numeric value ranges from 0 to 255. code is the ICMP code, which is active when ICMP is selected and the ICMP packet type is not expressed in characters. It ranges from 0 to 255.
established: (Optional) It is effective only to the first SYN packet established by TCP and is active when protocol is set to tcp.
precedence precedence: (Optional) IP priority level, as a number (ranging from 0 to 7) or a name.
tos tos: (Optional) Indicates that packets are classified by TOS value, as a number (ranging from 0 to 15) or a name.
dscp dscp: (Optional) Indicates that packets are classified by DSCP value, as a number (ranging from 0 to 63) or a name.
fragment: It is effective only for fragmented messages and is ignored for non-fragmented messages.
bt-flag: Indicates that the rule is effective for BT data messages only. If you use this keyword, the protocol in the rule must be tcp. The parameter is applicable to defining advanced ACLs.
vpn-instance instance-name: VPN instance name. The specified MPLS VPN packets will be identified if this parameter is selected.
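The address and port parameters above can be checked offline before a rule is committed. The following is an added example, not code from the manual or the switch software: a small Python model of how source/destination wildcards and the port operators select packets. It assumes the usual wildcard convention (a 0 bit must match, a 1 bit is ignored) and an inclusive range; the dict layout and function names are hypothetical.

```python
import ipaddress

# Port operators from the manual; "range" is treated as inclusive (assumption).
OPS = {
    "eq": lambda p, a, b: p == a,
    "neq": lambda p, a, b: p != a,
    "gt": lambda p, a, b: p > a,
    "lt": lambda p, a, b: p < a,
    "range": lambda p, a, b: a <= p <= b,
}

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def addr_matches(packet_ip, rule_addr, wildcard):
    # Assumed convention: wildcard bit 0 = compare this bit, 1 = ignore it.
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(packet_ip) & care) == (_to_int(rule_addr) & care)

def port_matches(packet_port, operator, port1, port2=None):
    if operator not in OPS:
        raise ValueError("unknown port operator: " + operator)
    ports = (port1, port2) if operator == "range" else (port1,)
    if any(p is None or not 0 <= p <= 65535 for p in ports):
        raise ValueError("ports must be 0-65535; range needs port1 and port2")
    return OPS[operator](packet_port, port1, port2)

def rule_matches(rule, pkt):
    # rule and pkt are plain dicts: a hypothetical model, not device syntax.
    if rule["protocol"] not in ("ip", pkt["protocol"]):
        return False
    for side in ("source", "destination"):
        spec = rule.get(side, "any")
        if spec != "any" and not addr_matches(pkt[side], *spec):
            return False
    dport = rule.get("destination-port")
    if dport is not None:
        if rule["protocol"] not in ("tcp", "udp"):
            raise ValueError("port operators need protocol tcp or udp")
        return port_matches(pkt["dport"], *dport)
    return True

# Constructed sample rule and packets (not from the manual).
RULE = {"protocol": "tcp", "source": ("10.1.1.0", "0.0.0.255"),
        "destination": "any", "destination-port": ("range", 8000, 8080)}
PKT_IN = {"protocol": "tcp", "source": "10.1.1.77", "destination": "172.16.0.9", "dport": 8080}
PKT_OUT = {"protocol": "tcp", "source": "10.1.2.77", "destination": "172.16.0.9", "dport": 8080}

if __name__ == "__main__":
    print(rule_matches(RULE, PKT_IN), rule_matches(RULE, PKT_OUT))
```

Under the assumed convention, entering a subnet mask such as 255.255.255.0 where a wildcard belongs makes addr_matches compare only the last octet, so the rule covers far more addresses than intended.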
Parameters specific to Layer 2 ACLs: