Reference Guide
Security | 885
seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#
If you are creating a Trace list with only one or two filters, you can let FTOS assign a sequence number
based on the order in which the filters are configured. FTOS assigns filters in multiples of 5.
To configure a filter for a Trace list without a specified sequence number, use any or all of the following
commands in the TRACE LIST mode:
Command Syntax Command Mode Purpose
{deny | permit} {ip | ip-protocol-number}
{source mask | any | host ip-address}
{
destination mask | any | host
ip-address} [count [byte] | log]
TRACE LIST Configure a deny or permit filter to examine IP
packets. Configure the following required and
optional parameters:
• ip: to specify IP as the protocol to filter for.
• ip-protocol-number range: 0 to 255.
• source: An IP address as the source IP address
for the filter to match.
• mask: a network mask
• any: to match any IP source address
• host ip-address: to match IP addresses in a
host.
• destination: An IP address as the source IP
address for the filter to match.
• count: count packets processed by the filter.
• byte: count bytes processed by the filter.
• log: is supported.
{deny | permit} tcp {source mask | any |
host ip-address} [operator port [port]]
{
destination mask | any | host
ip-address} [operator port [port]]
[
established] [count [byte] | log]
TRACE LIST Configure a deny or permit filter to examine TCP
packets. Configure the following required and
optional parameters:
• source: An IP address as the source IP address
for the filter to match.
• mask: a network mask
• any: to match any IP source address
• host ip-address: to match IP addresses in a
host.
• destination: An IP address as the source IP
address for the filter to match.
• precedence precedence range: 0 to 7.
• tos tos-value range: 0 to 15
• count: count packets processed by the filter.
• byte: count bytes processed by the filter.
• log: is supported.