CPM Filter Commands
Page 202 7450 ESS System Mangement Guide
The no form of the command removes the destination IP address match criterion.
Default No destination IP match criterion
Parameters ip-address — Specifies the IP address for the IP match criterion in dotted decimal notation.
Values 0.0.0.0 — 255.255.255.255
ip-prefix-list — Creates a list of IPv4 prefixes for match criteria in IPv4 ACL and CPM filter
policies.
ip-prefix-list-name — A string of up to 32 characters of printable ASCII characters. If special charac-
ters are used, the string must be enclosed within double quotes.
mask — Specifies the subnet mask length expressed as a decimal integer.
Values 1 — 32
netmask — Specifies the dotted quad equivalent of the mask length.
Values 0.0.0.0 — 255.255.255.255
dst-port
Syntax dst-port [tcp/udp port-number] [mask]
dst-port port-list port-list-name
dst-port range tcp/udp port-number tcp/udp port-number
no dst-port
Context config>sys>sec>cpm>ip-filter>entry>match
Description This command specifies the TCP/UDP port or port name to match the destination-port of the packet.
Note that an entry containing Layer 4 match criteria will not match non-initial (2nd, 3rd, etc) frag-
ments of a fragmented packet since only the first fragment contains the Layer 4 information.
The no form of the command removes the destination port match criterion.
Parameters tcp/udp port-numb-number — Specifies the destination port number to be used as a match criteria
expressed as a decimal integer.
Values 0 — 65535 (accepted in decimal hex or binary)
port-list-name — Specifies the port list name to be used as a match criteria for the destination port.
mask — Specifies the 16 bit mask to be applied when matching the destination port.
Values [0x0000..0xFFFF] | [0..65535] | [0b0000000000000000..0b1111111111111111]
fragment
Syntax fragment {true | false}
no fragment
To Next Page
Loading...
