CLI Guide
one port and forwards (mirrors) them to another port. The source port is the
monitored port (MD) and the destination port is the monitoring port (MG).
Related
Commands
ip access-list extended — creates an extended ACL.
permit tcp — assigns a permit filter for TCP packets.
permit udp — assigns a permit filter for UDP packets.
permit icmp
Configure a filter to allow all or specific ICMP messages.
Syntax
permit icmp {source mask | any | host ip-address} {destination
mask | any | host ip-address} [dscp] [message-type] [count
[byte]] [order] [fragments][threshold-in-msgs [count]]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s
sequence number.
• Use the no permit icmp {source mask | any | host ip-address}
{destination mask | any | host ip-address} command.
Parameters
source Enter the IP address of the network or host from which the
packets were sent.
mask Enter a network mask in /prefix format (/x) or A.B.C.D. The
mask, when specified in A.B.C.D format, may be either
contiguous or noncontiguous.
any Enter the keyword any to match and drop specific Ethernet
traffic on the interface.
host ip-address Enter the keyword host and then enter the IP address to
specify a host IP address.
destination Enter the IP address of the network or host to which the
packets are sent.
dscp Enter the keyword dscp to deny a packet based on the
DSCP value. The range is 0 to 63.
message-type (OPTIONAL) Enter an ICMP message type, either with the
type (and code, if necessary) numbers or with the name of
the message type. The range is 0 to 255 for ICMP type and 0
to 255 for ICMP code.
count (OPTIONAL) Enter the keyword count to count packets the
filter processes.
192
Access Control Lists (ACL)