CPM Filter Commands
Page 204 7450 ESS System Mangement Guide
icmp-type
Syntax icmp-type icmp-type
no icmp-type
Context config>sys>sec>cpm>ip-filter>entry>match
config>sys>sec>cpm>ipv6-filter>entry>match
Description This command configures matching on ICMP type field in the ICMP header of an IP packet as an IP
filter match criterion. Note that an entry containing Layer 4 match criteria will not match non-initial
(2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the Layer 4
information.
The no form of the command removes the criterion from the match entry.
Default no icmp-type — No match criterion for the ICMP type.
Parameters icmp-type — Specifies the ICMP type values that must be present to match.
Values 0 — 255
ip-option
Syntax ip-option ip-option-value ip-option-mask
no ip-option
Context config>sys>sec>cpm>ip-filter>entry>match
Description This command configures matching packets with a specific IP option or a range of IP options in the
IP header as an IP filter match criterion.
The option-type octet contains 3 fields:
• 1 bit copied flag (copy options in all fragments)
• 2 bits option class,
• 5 bits option number.
The no form of the command removes the match criterion.
Default No IP option match criterion
Parameters ip-option-value — Enter the 8 bit option-type as a decimal integer. The mask is applied as an AND to
the option byte, the result is compared with the option-value.
The decimal value entered for the match should be a combined value of the eight bit option type
field and not just the option number. Thus to match on IP packets that contain the Router Alert
option (option number =20), enter the option type of 148 (10010100).
Values 0 — 255
ip-option-mask — Specifies a range of option numbers to use as the match criteria.
To Next Page
Loading...
