Security
7705 SAR OS System Management Guide 99
The decimal value entered for the match should be a combined value of the 8-bit option type
field and not just the option number. Therefore, to match on IP packets that contain the Router
Alert option (option number = 20), enter the option type of 148 (10010100).
Values 0 to 255
ip-option-mask — specifies a range of option numbers to use as the match criteria
This 8-bit mask can be entered using decimal, hexadecimal, or binary formats as shown in
Table 6.
Values 0 to 255
Default 255 (decimal) (exact match)
multiple-option
Syntax multiple-option {true | false}
no multiple-option
Context config>system>security>cpm-filter>ip-filter>entry>match
Description This command configures matching packets that contain more than one option field in the IP header
as an IP filter match criterion.
The no form of the command removes the checking of the number of option fields in the IP header as
a match criterion.
This command applies to IPv4 filters only.
Default no multiple-option
Parameters true — specifies matching on IP packets that contain more than one option field in the header
false — specifies matching on IP packets that do not contain multiple option fields in the header
Table 6: IP Option Formats
Format Style Format Syntax Example
Decimal DDD 20
Hexadecimal 0xHH 0x14
Binary 0bBBBBBBBB 0b0010100
To Next Page
Loading...
