ZXR105250SeriesCommandReference
Guidelines
TheIPrulecanmatchIPv4packetswithspeciedsourceIPaddresses,anysourceIP
address,specieddestinationIPaddresses,anydestinationIPaddress,DSCPelds,or
IPfragmentelds.
4.13.15ingress-aclextendruletype-tcp
Purpose
ThiscommandsetstherulethattheextendedingressACLisusedtomatchTCP
messages.
CommandMode
ExtendedingressACLcongurationmode
Syntax
rule<1-500>{permit|deny}tcp{<source-ipaddr><sip-mask>|any}[source-port<0-65535><s
port-mask>]{<destination-ipaddr><dip-mask>|any}[dest-port<0-65535><dport-mask>][establ
ishing|established][dscp<0-63>][fragment]
ParameterDescription
ParameterDescription
<1-500>Rulenumber.
permitIftheconditionmatches,accessispermitted.
denyIftheconditionmatches,accessisdenied.
tcp
ThisruleonlymatchesTCPmessage.Non-TCPmessageignores
thisrule.
<source-ipaddr>
IPaddressofthesourcenetworkorhosttransmittingpackets.Itis
a32-bitIPaddressexpressedindotteddecimalnotation.
<sip-mask>
Sourcemaskusedforsources.Itisa32-bitIPaddressexpressed
indotteddecimalnotation.
any(rst)
Theanykeywordisusedastheabbreviationofthesource0.0.0.0
andthesourcemask0.0.0.0.
source-port<0-65535>
TCPsourceportnumberofthetransmittedpacket
Theparametersofsource-portcanresolvethesomeknownport
numbers.Alsotheportnumberandmaskcanbedirectlyinputted.
<sport-mask>Sourceportnumbermask.
<destination-ipaddr>
Destinationnetworkorhostofthetransmittedpacket.Itisa32-bit
IPaddressexpressedindotteddecimalnotation.
4-224
SJ-20131111172707-003|2013-11-27(R1.0)ZTEProprietaryandCondential
To Next Page
Loading...
Need help?
General
