Comparison operators:
• eq <tcp/udp-port-nbr>
  "Equal To" — to have a match with the ACE entry, the TCP or UDP source port number in a packet must be equal to <tcp/udp-port-nbr>.
• gt <tcp/udp-port-nbr>
  "Greater Than" — to have a match with the ACE entry, the TCP or UDP source port number in a packet must be greater than <tcp/udp-port-nbr>.
• lt <tcp/udp-port-nbr>
  "Less Than" — to have a match with the ACE entry, the TCP or UDP source port number in a packet must be less than <tcp/udp-port-nbr>.
• neq <tcp/udp-port-nbr>
  "Not Equal" — to have a match with the ACE entry, the TCP or UDP source port number in a packet must not be equal to <tcp/udp-port-nbr>.
• range <start-port-nbr> <end-port-nbr>
  For a match with the ACE entry, the TCP or UDP source-port number in a packet must be in the range <start-port-nbr> <end-port-nbr>.
Port number or well-known port name:
Use the TCP or UDP port number required by your application. The switch also accepts the following TCP and UDP port names as an alternative to their port numbers:
TCP: bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp, ssl, telnet
UDP: bootpc, bootps, dns, ntp, radius, radius-old, rip, snmp, snmp-trap, tftp
To list the above names, press the [Shift]-[?] key combination after entering an operator. For a list of port names, see www.iana.org/assignments/port-numbers.
[comparison-operator <tcp-dest-port>] [established]
[comparison-operator <udp-dest-port>]
Enter the comparison operator immediately after the <DA> entry.
To specify a TCP or UDP port number:
1. Select a comparison operator.
2. Enter the port number or a well-known port name.
Comparison operators and well-known port names
[established]
This option applies only where TCP is the configured IPv6 protocol type. It blocks the synchronizing packet associated with establishing a new TCP connection, while allowing all other IPv6 traffic for existing connections.
For example, a Telnet connection requires TCP traffic to move both ways between a host and the target device. Simply applying a deny to inbound Telnet traffic on a VLAN prevents Telnet sessions in either direction because responses to outbound requests are blocked. However, by using the established option, inbound Telnet traffic arriving in response to outbound Telnet requests is permitted, but inbound Telnet traffic trying to establish a new connection is denied.
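The matching rules above, modelled as an added Python example (not HP code and not switch CLI syntax). It assumes that established matches only TCP segments with ACK or RST set and that range is inclusive at both ends, neither of which this page states; Ace, evaluate and INBOUND_ACL are hypothetical names and the ACL is constructed sample data.

```python
# Added illustration: a model of ACE matching, not switch firmware or HP code.
from dataclasses import dataclass
from typing import Optional

# Subset of the TCP port names listed on this page, with their standard numbers.
TCP_NAMES = {"telnet": 23, "smtp": 25, "dns": 53, "http": 80}

OPERATORS = {
    "eq": lambda port, a: port == a,
    "neq": lambda port, a: port != a,
    "gt": lambda port, a: port > a,
    "lt": lambda port, a: port < a,
    "range": lambda port, a, b: a <= port <= b,  # assumed inclusive at both ends
}

def port_match(op: Optional[tuple], port: int) -> bool:
    """op is None (any port) or a tuple such as ("eq", "telnet") or ("range", 1024, 2048)."""
    if op is None:
        return True
    name, *args = op
    return OPERATORS[name](port, *(TCP_NAMES.get(a, a) for a in args))

@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    src: Optional[tuple] = None      # comparison on the source port
    dst: Optional[tuple] = None      # comparison on the destination port
    established: bool = False

def ace_matches(ace: Ace, sport: int, dport: int, flags: set) -> bool:
    # Assumption: "established" matches only segments with ACK or RST set,
    # so the initial SYN of a new connection never matches.
    if ace.established and not ({"ACK", "RST"} & flags):
        return False
    return port_match(ace.src, sport) and port_match(ace.dst, dport)

def evaluate(acl: list, sport: int, dport: int, flags: set) -> Optional[str]:
    """First matching ACE wins; None means no ACE in this list matched."""
    for ace in acl:
        if ace_matches(ace, sport, dport, flags):
            return ace.action
    return None

# Constructed inbound ACL for the Telnet case described above.
INBOUND_ACL = [
    Ace("permit", src=("eq", "telnet"), established=True),  # replies to outbound Telnet
    Ace("deny", dst=("eq", "telnet")),                       # new inbound Telnet sessions
]
```

Under the stated assumption, established is a per-packet flag check, not connection tracking, so the ports on the permit entry still decide which reply traffic is let through.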
Updates for the HP Switch Software IPv6 Configuration Guide