Command Line Reference Guide
Security | 1337
Trace List Commands
IP trace lists create an Access Control List (ACLs) to trace all traffic into the E-Series switch. This
feature is useful for tracing Denial of Service (DOS) attacks.
• clear counters ip trace-group
• deny
• deny tcp
• deny udp
• ip trace-group
• ip trace-list
• permit
• permit tcp
• permit udp
• seq
• show config
• show ip accounting trace-lists
clear counters ip trace-group
e
Erase all counters maintained for trace lists.
Syntax
clear counters ip trace-group [trace-list-name]
Parameters
Command Modes
EXEC Privilege
deny
e
Configure a filter that drops IP packets meeting the filter criteria.
Syntax
deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask |
any | host ip-address} [count [byte]] | log] [order number]
To remove this filter, you have two choices:
• Use the no seq sequence-number command syntax if you know the filter’s sequence number or
• Use the no deny {ip | ip-protocol-number} {source mask | any | host ip-address}
{destination mask | any | host ip-address} command.
Parameters
Note: For other Access Control List commands, see the chapters Chapter 10, ACL VLAN
Group and Chapter 9, Access Control Lists (ACL).
trace-list-name
(OPTIONAL) Enter the name of a configured trace list.
ip Enter the keyword ip to configure a generic IP access list. The keyword ip
specifies that the access list will deny all IP protocols.
ip-protocol-number
Enter a number from 0 to 255 to deny based on the protocol identified in the IP
protocol header.