Reference Guide

Access Control Lists (ACLs) | 109
Configure filters with sequence number
To create a filter for packets with a specified sequence number, use these commands in the following
sequence, starting in the CONFIGURATION mode:

Step  Command Syntax                                Command Mode     Purpose
----  --------------------------------------------  ---------------  ----------------------------------------
1     ip access-list extended access-list-name      CONFIGURATION    Enter the IP ACCESS LIST mode by
                                                                     creating an extended IP ACL.
2     seq sequence-number {deny | permit}           CONFIG-EXT-NACL  Configure a drop or forward filter.
      {ip-protocol-number | icmp | ip | tcp | udp}                   The log and monitor options are
      {source mask | any | host ip-address}                          supported on E-Series only.
      {destination mask | any | host ip-address}
      [operator port [port]]
      [count [byte] | log] [order] [monitor]
      [fragments]

When you use the log keyword, the CP processor logs details about the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets'
details.

TCP packets: To create a filter for TCP packets with a specified sequence number, use these commands in
the following sequence, starting in the CONFIGURATION mode:

Step  Command Syntax                                Command Mode     Purpose
----  --------------------------------------------  ---------------  ----------------------------------------
1     ip access-list extended access-list-name      CONFIGURATION    Create an extended IP ACL and assign it
                                                                     a unique name.
2     seq sequence-number {deny | permit} tcp       CONFIG-EXT-NACL  Configure an extended IP ACL filter for
      {source mask | any | host ip-address}                          TCP packets. The log and monitor options
      [count [byte] | log] [order] [monitor]                         are supported on E-Series only.
      [fragments]
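
The following Python audit is an added example, not part of the guide or of any vendor tooling. It parses seq lines written in the syntax above, lists them in ascending sequence-number order (the order in which the filters are applied), and reports entries that combine the log keyword with a match-everything filter, the case most likely to keep the CP busy. The sample addresses, the eq operator in the sample, the dotted mask form and the definition of "broad" are assumptions of the example.

```python
# Constructed sample input (documentation address ranges), in the order typed.
SAMPLE_ACL = """\
seq 20 permit tcp any host 192.0.2.10 eq 443 count
seq 5 deny ip host 198.51.100.7 any log
seq 10 permit ip any any log
seq 15 deny udp 203.0.113.0 255.255.255.0 any count byte
"""

OPTIONS = {"count", "byte", "log", "order", "monitor", "fragments"}

def take_address(tokens):
    """Consume {address mask | any | host ip-address}; return (text, is_any)."""
    if tokens and tokens[0] == "any":
        return tokens.pop(0), True
    if len(tokens) < 2:
        raise ValueError("incomplete address field")
    return f"{tokens.pop(0)} {tokens.pop(0)}", False

def parse_entry(line):
    """Parse one 'seq' line into a dict, following the command syntax in the table."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "seq" or not tokens[1].isdigit():
        raise ValueError(f"not a seq entry: {line!r}")
    if tokens[2] not in ("deny", "permit"):
        raise ValueError(f"bad action in: {line!r}")
    rest = tokens[4:]
    source, src_any = take_address(rest)
    destination, dst_any = take_address(rest)
    qualifiers = [t for t in rest if t not in OPTIONS]  # operator/port tokens
    return {
        "seq": int(tokens[1]), "action": tokens[2], "protocol": tokens[3],
        "source": source, "destination": destination,
        "log": "log" in rest,
        # Assumption of this example: broad = any source, any destination, no port match.
        "broad": src_any and dst_any and not qualifiers,
    }

def audit(config):
    """Return (sequence numbers in filter order, seqs of broad entries that log)."""
    entries = sorted((parse_entry(l) for l in config.splitlines() if l.strip()),
                     key=lambda e: e["seq"])
    return ([e["seq"] for e in entries],
            [e["seq"] for e in entries if e["log"] and e["broad"]])

if __name__ == "__main__":
    order, noisy = audit(SAMPLE_ACL)
    print("filter order:", order, "| broad entries with log:", noisy)
```

In the sample, seq 5 logs only traffic from one host, while seq 10 logs every IP packet that reaches it; replacing log with count on such an entry keeps a hit counter without per-packet logging by the CP.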