Chapter 4 Service Configuration
Parameter
Description
dscp
<
0-63
>
This rule is only valid for the message with the specified DSCP
value. Ignore this rule for other messages. The range of DSCP
value is 0 to 63.
fragment
This rule is only valid for fragment messages. For non-fragment
messages, this rule is ignored.
cos
<
0-7
>
This rule is only valid for the cos-specified message. Ignore this
rule for other messages. The range of cos is 0 to 7.
<
vlan-id
>
This rule is only valid for messages with the specified VLAN ID.
Ignore this rule for other messages. The rule of VLAN ID is 1
to 4094.
<
vlan-mask
>
Optional VLAN mask. The default value is 0xfff.
<
source-mac
>
Source MAC address of the transmitted packet.
<
smac-mask
>
Source MAC mask.
any
(fourth)
The any keyword is used as the abbreviation of source MAC
address 00.00.00.00.00.00 and mask 00.00.00.00.00.00.
<
dest-mac
>
Destination MAC address of the transmitted packet.
<
dmac-mask
>
Destination MAC address of the transmitted packet.
any
(fifth)
The any keyword is used as the abbreviation of the destination
MAC address 00.00.00.00.00.00 and mask 00.00.00.00.00.00.
Guidelines
The IP rule can match source-specified IPs, any source IPs, destination-specified IPs, any
destination IPs, DSCP fields, IP fragment fields, cos fields, VLAN fields, source-specified
MACs, any source MACs, destination-specified MACs, and any destination MACs. The
rule can be bound to one or all ports.
4.13.41 ingress-acl global rule type-tcp
Purpose
This command sets the rule that the global ingress ACL matches the IPv4-TCP packet.
Command Mode
Global ingress ACL configuration mode
Syntax
rule
<
1-500
>{
permit
|
deny
}
port
{<
1-28
>|
any
}
tcp
{<
source-ipaddr
><
sip-mask
>|
any
}[
source-
port
<
0-65535
><
sport-mask
>]{<
destination-ipaddr
><
dip-mask
>|
any
}[
dest-port
<
0-65535
><
d
4-251
SJ-20130731155059-003|2013-11-27 (R1.0)
ZTE Proprietary and Confidential