Security | 905
Creating a trace list
Trace lists filter and log traffic based on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. When configuring the trace list filters, include the count and byte parameters so that any hits to that filter are logged.
Since traffic passes through the filter in the order of the filter's sequence, you can configure the trace list by first entering the TRACE LIST mode and then assigning a sequence number to the filter.
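The following is an added example, not taken from this manual: a small Python model of the sequence-ordered evaluation described above, using the seq filter syntax documented in this section. It assumes that the first matching filter decides what happens to a packet and that mask is a dotted-decimal network mask; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample filters in the seq syntax documented in this section,
# deliberately listed out of sequence order.
SAMPLE = """\
seq 20 permit ip any any count byte
seq 5 deny ip host 10.1.1.9 any count byte
seq 10 permit ip 10.1.1.0 255.255.255.0 host 192.0.2.10 count
"""

def _net(tok):
    """Consume one address spec: any | host ip-address | address mask."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # Assumption: mask is a dotted-decimal network mask such as 255.255.255.0.
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}", strict=False)

def parse(text):
    """Check each seq line against the documented ranges; return filters sorted by sequence."""
    filters = []
    for f in filter(None, map(str.split, text.splitlines())):
        if len(f) < 6 or f[0] != "seq" or f[2] not in ("deny", "permit"):
            raise ValueError(f"bad filter: {' '.join(f)}")
        seq, proto, tok = int(f[1]), f[3], f[4:]
        if not 0 <= seq <= 4294967290:
            raise ValueError(f"sequence-number out of range: {seq}")
        if proto != "ip" and not (proto.isdigit() and int(proto) <= 255):
            raise ValueError(f"ip-protocol-number out of range: {proto}")
        filters.append({"seq": seq, "action": f[2], "src": _net(tok), "dst": _net(tok),
                        "proto": proto if proto == "ip" else int(proto),
                        "count": "count" in tok, "byte": "byte" in tok, "packets": 0, "bytes": 0})
    return sorted(filters, key=lambda x: x["seq"])

def evaluate(filters, packets):
    """Run (src, dst, protocol-number, length) packets through the filters in sequence order.
    Assumption: the first matching filter decides; None means no filter matched."""
    verdicts = []
    for src, dst, proto, length in packets:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        hit = next((f for f in filters if s in f["src"] and d in f["dst"]
                    and f["proto"] in ("ip", proto)), None)
        if hit and hit["count"]:
            hit["packets"] += 1
            hit["bytes"] += length if hit["byte"] else 0
        verdicts.append((hit["seq"], hit["action"]) if hit else None)
    return verdicts
```

Because the broad permit at sequence 20 sits last, the host-specific deny at sequence 5 is hit first and its counters record the traffic; giving the catch-all filter a lower sequence number would leave the narrower filters with no hits to log.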
To create a filter for packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:

Step 1
Command Syntax: ip trace-list trace-list-name
Command Mode: CONFIGURATION
Purpose: Enter the TRACE LIST mode by creating a trace list.

Step 2
Command Syntax: seq sequence-number {deny | permit} {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count [byte] | log]
Command Mode: TRACE LIST
Purpose: Configure a drop or forward filter. Configure the following required and optional parameters:
• sequence-number range: 0 to 4294967290.
• ip: to specify IP as the protocol to filter for.
• ip-protocol-number range: 0 to 255.
• source: an IP address as the source IP address for the filter to match.
• mask: a network mask.
• any: to match any IP source address.
• host ip-address: to match IP addresses in a host.
• destination: an IP address as the destination IP address for the filter to match.
• count: count packets processed by the filter.
• byte: count bytes processed by the filter.
• log: is supported.

To create a filter for TCP packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:

Step 1
Command Syntax: ip trace-list trace-list-name
Command Mode: CONFIGURATION
Purpose: Create a trace list and assign it a unique name.