Filter Policies
Router Configuration Guide 557
ipv6-address — The IPv6 prefix for the IP match criterion in hex digits.
Values x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x: [0..FFFF]H
d: [0..255]D
prefix-length — The IPv6 prefix length for the specified ipv6-address expressed as a decimal
integer.
Values 1 to 128
ipv6-address-mask — Eight 16-bit hexadecimal pieces representing bit match criteria.
Values x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x: [0..FFFF]H
d: [0..255]D
src-port
Syntax src-port {lt | gt | eq} src-port-number
src-port port-list port-list-name
src-port range src-port-number src-port-number
no src-port
Context config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Description This command configures a source TCP, UDP, or SCTP port number, port range, or port match list for
an IP filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-
initial (2nd, 3rd, etc.) fragments of a fragmented packet since only the first fragment contains the Layer
4 information. Similarly an entry containing "src-port eq 0" match criterion, may match non-initial
fragments when the source port value is not present in a packet fragment and other match criteria are
also met.
The no form of the command removes the source port match criterion.
Default no src-port
Parameters lt | gt | eq — Specifies the operator to use relative to src-port-number for specifying the port
number match criteria.
lt specifies all port numbers less than src-port-number match.
gt specifies all port numbers greater than src-port-number match.
eq specifies that src-port-number must be an exact match.
src-port-number — The source port number to be used as a match criteria expressed as a decimal
integer, and in hexadecimal or binary format. Below shows decimal integer only.
Values 0 to 65535
To Next Page
Loading...
