CLI Reference Guide
ACL Commands 263
•
flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg
| -urg] [established]—
Specifies that the IP/TCP/UDP ACL rule matches on
the TCP flags.
–
Ack
– Acknowledgement bit
–
Fin
– Finished bit
–
Psh
– push bit
–
Rst
– reset bit
–
Syn
– Synchronize bit
–
Urg
– Urgent bit
– When “+<tcpflagname>
”
is specified, a match occurs if specified
<tcpflagname> flag is set in the TCP header.
– When “-<tcpflagname>
”
is
specified, a match occurs if specified
<tcpflagname> flag is *NOT* set in the TCP header.
– When “established
” is
specified, a match occurs if either the RST or
ACK bits are set in the TCP header.
– This option is visible only if protocol is “tcp”.
•
[icmp-type
icmp-type
[icmp-code
icmp-code
] |
icmp-message
icmp-message
]
—
Specifies a match condition for ICMP packets.
– When icmp-type is specified, IP ACL rule matches on the specified
ICMP message type, a number from 0 to 255.
– When icmp-code is specified, IP ACL rule matches on the specified
ICMP message code, a number from 0 to 255.
– Specifying icmp-message implies both icmp-type and icmp-code are
specified.
– ICMP message is decoded into corresponding ICMP type and ICMP
code within that ICMP type. This option is visible only if the protocol
is “icmp”.
– IPv4 ICMP message types: echo echo-reply host-redirect mobile-
redirect net-redirect net-unreachable redirect packet-too-big port-
unreachable source-quench router-solicitation router-advertisement
time-exceeded ttl-exceeded unreachable
•igmp-type
igmp-type
—When igmp-type is specified, IP ACL rule matches
on the specified IGMP message type (i.e., a number from 0 to 255).
2CSNXXX_SWUM200.book Page 263 Tuesday, December 10, 2013 1:22 PM