199
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter P Commands
permit tcp (IPv6)
dscp dscp (Optional) Specifies that the rule matches only packets with the specified
6-bit differentiated services value in the DSCP field of the IPv6 header. The
dscp argument can be one of the following numbers or keywords:
• 0–63—The decimal equivalent of the 6 bits of the DSCP field. For
example, if you specify 10, the rule matches only packets that have the
following bits in the DSCP field: 001010.
• af11—Assured Forwarding (AF) class 1, low drop probability (001010)
• af12—AF class 1, medium drop probability (001100)
• af13—AF class 1, high drop probability (001110)
• af21—AF class 2, low drop probability (010010)
• af22—AF class 2, medium drop probability (010100)
• af23—AF class 2, high drop probability (010110)
• af31—AF class 3, low drop probability (011010)
• af32—AF class 3, medium drop probability (011100)
• af33—AF class 3, high drop probability (011110)
• af41—AF class 4, low drop probability (100010)
• af42—AF class 4, medium drop probability (100100)
• af43—AF class 4, high drop probability (100110)
• cs1—Class-selector (CS) 1, precedence 1 (001000)
• cs2—CS2, precedence 2 (010000)
• cs3—CS3, precedence 3 (011000)
• cs4—CS4, precedence 4 (100000)
• cs5—CS5, precedence 5 (101000)
• cs6—CS6, precedence 6 (110000)
• cs7—CS7, precedence 7 (111000)
• default—Default DSCP value (000000)
• ef—Expedited Forwarding (101110)
established (Optional) Specifies that the rule matches only packets that belong to an
established TCP connection. The device considers TCP packets with the
ACK or RST bits set to belong to an established connection.
flags (Optional) Rule matches only packets that have specific TCP control bit
flags set. The value of the flags argument must be one or more of the
following keywords:
• ack
• fin
• psh
• rst
• syn
• urg
To Next Page
Loading...
