ACL TCP/UDP Filter configuration, Port mask | HP 445942-001 specs

Configuration Commands

ACL TCP/UDP Filter configuration

These commands allow you to define TCP/UDP matching criteria for an ACL. The following table describes the TCP/UDP Filter Configuration commands.

Table 158 TCP/UDP Filter Configuration commands

CommandDescription

access-control list <1-384> tcp- udp source-port <1-65535> {<port mask>}

Defines a source port for the ACL. If defined, traffic with the specified TCP or UDP source port will match this ACL. Specify the port number. Some of the well-known ports include:

20—ftp-data 21—ftp 22—ssh 23—telnet 25—smtp 37—time 42—name 43—whois 53—domain 69—tftp 70—gopher 79—finger 80—http

	Command mode: Global configuration

access-control list <1-384> tcp-	Defines a destination port for the ACL. If defined, traffic with the
udp destination-port <1-65535>	specified TCP or UDP destination port will match this ACL. Specify
{<port mask>}	the port number, just as with source-portabove.
	the port number, just as with source-portabove.
	Command mode: Global configuration

access-control list <1-384> tcp-	Defines a TCP/UDP flag for the ACL.
udp flags <value (0x0-0x3f)>	Command mode: Global configuration
	Command mode: Global configuration

default access-control list <1	Resets the TCP/UDP parameters for the ACL to their default values.
384> tcp-udp	Command mode: Global configuration
	Command mode: Global configuration

show access-control list [<1-384>]	Displays the current TCP/UDP Filtering parameters.
tcp-udp	Command mode: All except User EXEC
	Command mode: All except User EXEC

173

Image 173

HP 445942-001 manual ACL TCP/UDP Filter configuration, Port mask, Udp flags value 0x0-0x3f

Contents

HP 10Gb Ethernet BL-c Switch Legal notices Contents Statistics Commands Configuration Commands 802.1x Port configuration 128 Operations Commands Index Additional references Connecting to the switchIntroduction Parameter Value Setting an IP addressEstablishing a console connection Establishing an SSH connection Telnet 10GbE switch IP addressEstablishing a Telnet connection # ssh user@10GbE switch IP address Accessing the switch User account Description and tasks performed Idle timeout Ping IP address Typeface or symbol MeaningTypographical conventions Iscli Command Modes Accessing the IscliMain# boot/mode iscli Switchconfig# boot cli-mode aos Command Mode/Prompt Command used to enter or exit Command Global commandsTraceroute host nameIP address max-hops msec delay Action Command abbreviation Command line interface shortcutsSwitchconfig# spanning-tree stp 1 bridge hello Switchconfig# sp stp 1 br h Command Usage Show access user System Information commandsShow information-dump Show snmp-server SNMPv3 Information commands SNMPv3 USM User Table information Command mode AllSNMPv3 View Table information Field Description Show snmp-server v3 access Command mode All SNMPv3 Access Table informationFieldDescription View Name Show snmp-server v3 community Command mode All Show snmp-server v3 group Command mode AllSNMPv3 Group Table information SNMPv3 Community Table information Show snmp-server v3 target-parameters Command mode All Show snmp-server v3 target-address Command mode AllSNMPv3 Target Address Table information SNMPv3 Target Parameters Table information Show snmp-server v3 notify SNMPv3 Notify Table informationSec Level NameTag V1v2trapv1v2trap SNMPv3 dump Show snmp-server v3 Command mode All Show sys-info System information Show recent syslog messages Show logging messages Command mode All User Oper Admin Current User ID Table Show access userSystem user information FieldUsage Layer 2 information Mac-address FDB information commandsXxxxxxxxxxxx . For example Number Clearing entries from the forwarding database Link Aggregation Control Protocol informationShow all FDB information Lacp dump Show lacp information Command mode All 802.1x information Show dot1x information Command mode AllForce-unauth Auto Connecting Authenticator PAE StateAuthenticating Authenticated Spanning Tree information Show spanning-tree stp 1-128 information Command mode AllShow spanning-tree stp 1-128 bridge Show spanning-tree 1-128 information Current Root Path-Cost Port Priority bridge Hello ParameterDescriptionMaxAge FwdDel Aging Priority port Cost Desg 8018 Rapid Spanning Tree and Multiple Spanning Tree informationDesg 8017 P2P2,Edge Parameter Show spanning-tree mstp cist information Common Internal Spanning Tree information Cist Root Parameter Description Trunk group information Trunk group 1, Enabled Port state STG 1 forwardingShow portchannel information Designated Bridge Designated Port Hello Type Show vlan Vlan informationShow vlan Layer 3 information Show ip route Route informationShow all IP Route information Local Indirect Gateway address DirectBroadcast Martian Show all ARP entry information ARP informationShow ip arp Flag Description Show ip arp reply Ospf informationARP address list information Ospf interface information Ospf general information Link-state-id A.B.C.D self Ospf Database informationAdvertising-router router ID Show ip ospf routes Ospf route codes informationShow ip ospf database summary Linkstate-id A.B.C.D self Show interface ip 1-250 rip Command mode All RIP user configurationRouting Information Protocol RIP Routes information IP information Show layer3 information Command mode All Igmp group information Igmp multicast group informationShow ip igmp groups Show Igmp Groups detail Show ip igmp mrouter information CommandUsageIgmp multicast router information Show ip vrrp information Vrrp information Show qos transmit-queue information 802.1p information ACL information Show access-control Command mode All Rmon Information Show rmon history Command mode AllRmon history information Show rmon Show rmon alarm Command mode All Rmon alarm information REvtIdx FEvtIdx Last value Rmon event information Show interface link Link status information Port Tag Rmon Pvid Port information Show sfp Command mode All Show geaport Command mode AllLogical Port to GEA Port mapping Fiber Port SFP status Information dump Uplink Failure Detection informationShow ufd Show information-dump Show snmp-server counters Show layer3 countersShow ntp counters Clear ntp Port Statistics Statistics Description 802.1x statisticsShow interface port port number dot1x counters Connecting to AUTHENTICATING, as a result of an Show interface port port number bridging-counters Bridging statisticsStatisticsDescription Ethernet statistics Dot3StatsAlignmentErrorsShow interface port port number ethernet-counters Dot1TpLearnedEntryDiscards Dot3StatsInternalMacTransmitErrors Dot3StatsFCSErrorsDot3StatsCarrierSenseErrors object Dot3StatsSingleCollisionFrames Interface statistics MulticastPkts-IfHCIn Discards-IfHCIn Errors-IfHCIn Octets-IfHCOut UcastPkts-IfHCOutStatistics Link statistics Internet Protocol IP statisticsShow interface port port number ip-counters Show interface port port number link-counters FDB statistics Layer 2 statisticsShow mac-address-table counters Statistic Description Show interface port port number lacp counters Lacp statistics Layer 3 statistics Show ip counters IP statisticsShow ip rip counters Clear ip rip counters Route statistics Show ip route counters Command mode All except User Exec DNS statistics ARP statisticsShow ip arp counters Show ip dns counters Icmp statistics Show ip icmp counters Command mode All except User Exec Show ip tcp counters TCP statistics Statistics Commands TCP statistics UDP statistics Show ip igmp counters Command mode All except User ExecIgmp Multicast Group statistics Show ip udp counters Ospf statistics Ospf global statistics Tx ls Updates Rx ls UpdatesTx Database Rx ls Requests Nbr change Timers Kickoff Hello Vrrp statistics Show ip vrrp counters Command mode All except User Exec GEA Layer 3 statistics RIP statisticsShow ip rip counters Show ip gea Packet statistics Management Processor statisticsShow mp packet Show mp tcp-block Show mp udp-block Show mp cpu Description Example statistic Show mp tcp-block CPU statistics Show access-control countersACL statistics Show mp udp-block SnmpInASNParseErrs SnmpEnableAuthTraps Show snmp-server counters Command mode All except User ExecSnmp statistics SnmpInBadCtyNames SnmpInBadCtyUses Statistics Commands Snmp statistics Total number of GetRequest-PDUs , GetNextRequest-PDUs NTP statistics Show ufd counters Uplink Failure Detection statistics Show counters Statistics dump Viewing and saving changes Saving the configuration Characters multi-line ’-‘ System configurationTo end No banner 1-80 characters Address System host log configurationCommand Description Cfg No logging log featureCli Console Ssh port TCP port number Secure Shell Server configuration IP address key 1-32 characters Radius server configuration Address key Characters TACACS+ server configuration Useroperadmin Tacacs-server timeoutTacacs-server enable No tacacs-server enable NTP server configuration Hostname 1-64 characters System Snmp configuration CommandDescription SNMPv3 configuration Snmp-server group User Security Model configuration View-based Access Control Model configuration SNMPv3 View configuration View 1-32 characters SNMPv3 Group configurationUser-name 1-32 characters Group-name 1-32 characters SNMPv3 Target Address Table configuration SNMPv3 Community Table configurationIndex 1-32 characters Name 1-32 characters AuthPriv SNMPv3 Target Parameters Table configuration SNMPv3 Notify Table configuration Management Networks configuration System Access configurationAddress IP mask IP address IP mask User ID configuration User Access Control configurationAccess user 1-10 level Useroperatoradministrator Access user 1-10enable Access user 1-10passwordNo access user 1-10enable No access user Access https save- certificate Show access Https Access configuration Pvid Port configurationName 1-64 characters 262143 Temporarily disabling a port Port link configuration No access-control list ACL Port configurationNo flowcontrol No auto Vlan Layer 2 configuration802.1x configuration 604800 802.1x Global configuration65535 802.1x Port configuration Show interface port Dot1x apply-global18-21 dot1x No spanning-tree mstp name Spanning-tree mstp maximum-hop Spanning-tree modeMstrstppvst Show spanning-tree mstp mrst Cist bridge configuration Common Internal Spanning Tree configurationSpanning-tree mstp cist Bridge priority Bridge forward-delay Cist port configurationInterface-priority Spanning-tree mstp cist path Enable Spanning-tree mst cist enableSpanning-tree mstp cist hello Spanning-tree mstp cist link 4094 Spanning Tree configuration Bridge Bridge Spanning Tree configurationBridge hello-time Link autop2pshared Spanning Tree port configuration Static FDB configuration Forwarding Database configuration128 MAC address vlan Vlan Port number Trunk configuration Layer 2 IP Trunk Hash configuration Port number lacp Link Aggregation Control Protocol configurationLacp Port configuration Stg Vlan configurationMember port number No member port number IP interface configuration Layer 3 configurationIp address IP address IP Netmask 254 Default Gateway configurationAddress IP address Address Resolution Protocol configuration IP Static Route configurationIp route IP subnet IP netmask IP nexthop IP interface Show ip arp static Static ARP configurationClear ip arp-cache IP netmask IP Forwarding configurationNetwork Filter configuration Route Map configuration Routing Information Protocol configuration IP Access List configuration Password RIP Interface configuration RIP Route Redistribution configuration As-value Open Shortest Path First configuration Osfp Area Index configuration IP address IP netmask Ospf Summary Range configuration Ospf Interface configuration Key key string Ospf Virtual Link configuration Ospf Route Redistribution configuration Ospf Host Entry configuration Igmp Snooping configuration Igmp configurationOspf MD5 Key configuration IGMPv3 Snooping configuration No ip igmp snoop igmpv3 exclude Ip igmp snoop igmpv3 enableNo ip igmp snoop igmpv3 enable Igmp filtering configuration Igmp static multicast router configurationNumber 1-4094 Trunk number 1-12LACP Igmp filter definition Igmp filtering port configuration Bootstrap Protocol Relay configuration Domain Name System configuration Show ip vrrp Virtual Router Redundancy Protocol configuration Vrrp Virtual Router configuration No virtual-router 1-250 preemption Vrrp Virtual Router Priority Tracking configurationShow ip vrrp virtual-router No virtual-router 1-250 track virtual-routers 250 Vrrp Virtual Router Group configuration Vrrp Virtual Router Group Priority Tracking configuration Vrrp Tracking configuration Vrrp Interface configuration Configuration Commands 169 QoS 802.1p configuration Quality of Service configurationQueue 0-10-7 weight Priority Access Control List configuration Access Control configurationACL Ethernet Filter configuration 384 IP mask ACL IP Version 4 Filter configuration Udp flags value 0x0-0x3f ACL TCP/UDP Filter configurationPort mask ACL Metering configuration ACL Packet Format configuration1000-10000000 32-4096 ACL Re-mark In-Profile configuration ACL Re-mark configurationRe-mark Re-mark in-profile dscp ACL Re-mark Out-of-Profile configuration Re-Mark Update User Priority configurationRe-mark in-profile dot1p Re-mark in-profile use-tos No access-control group 1-384 list ACL Group configurationAccess-control group 1-384 list Rmon history configuration Remote Monitoring configuration Rmon event configuration Oid 1-127 characters Rmon alarm configurationLimit -2147483647 to 2147483647 Characte rs Port mirroring Port-based port mirroring Uplink Failure Detection configurationPort number mirroring-port Port number inoutboth Link to Monitor configuration Failure Detection Pair configurationUfd fdp ltm adminkey No ufd fdp ltm adminkey Switchconfig# show running-config Configuration DumpLink to Disable configuration Restoring the active switch configuration Saving the active switch configurationSwitchconfig# copy running-config startup-config Switchconfig# copy tftpftp running-config Number shutdown Operations-level port options Router vrrp backup Interface port port number dot1x re- authenticateOperations-level Vrrp options Operations-level port 802.1x options Downloading new software to the switch Updating the switch software image Port type data-port/mgt-port port type Enter password for username on FTP server passwordAddress or name of remote host server name or IP address Source file name filename Routerconfig# boot image image1image2 Uploading a software image from the switchSelecting a software image to run Destination file name filename Resetting the switch Selecting a configuration blockAccessing the AOS CLI Boot cli-mode prompt Debug debug-flags System maintenance Debugging options Forwarding Database maintenanceAddress MAC address 4095 Igmp Snooping maintenance ARP cache maintenance Show flash-dump-uuencode Igmp Mrouter maintenanceUuencode flash dump Clearing dump information FTP/TFTP system dump put Unscheduled system dumps Panic commandConfirm dump and reboot y/n y Index 199