Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide
deeff ffffffffffffffffffffffffffffffff 54
Configuration of the second ACE fails because the 16 bytes are occupied by the first ACE.
To configure for the second ACE, you must delete the first one.
44.7 Configuring TCP Flag Filtering
Control
The TCP flag filtering feature provides a flexible mechanism. At present, TCP flag filtering
control supports the match-all option. When the TCP flags in a received packet exactly
match those defined in the ACL table entry, the packet will be checked by the ACL rule. A
user can define any combination of TCP flags to filter some packets with specific TCP flags.
For example,
permit tcp any any match-all rst
Allow the packets with a TCP flag RST set and 0 in other positions to pass
When the protocol number of the naming ACL and numerical value
configuration is TCP, you can select to configure this filtering feature.
MAC extended and IP standard ones do not have this function.
Please configure a TCP Flag by following these steps:
DGS-3610(config)# ip access-list
extended { id | name }
Enter the access list configuration mode
DGS-3610(config-ext-nacl)# [sn]
[permit | deny] tcp source
source-wildcard [ operator port [port] ]
destination destination-wildcard
[operator port [ port ]]
[match-all flag-name][precedence precedence]
Add table entries for ACL. For details about
commands, please see command reference.
DGS-3610(config-exp-nacl)# exit
DGS-3610(config)# interface interface
Exit from the access control list mode and
select the interface to which the access list is to
be applied.
DGS-3610(config-if)# ip access-group
{id | name} {in | out}
Apply the access list to the specific interface
The following example explains how to configure a TCP Flag
1. Enable rights and password
DGS-3610> enable
DGS-3610#
2. Enter the global configuration mode.
To Next Page
Loading...
Need help?
General