1204 BigIron RX Series Configuration Guide
53-1002253-01
Configuring an IPv6 ACL
47
tcp-udp-operator The <tcp-udp-operator> parameter can be one of the following:
• eq – The policy applies to the TCP or UDP port name or number you enter
after eq.
• gt – The policy applies to TCP or UDP port numbers greater than the port
number or the numeric equivalent of the port name you enter after gt.
Enter "?" to list the port names.
• lt – The policy applies to TCP or UDP port numbers that are less than the
port number or the numeric equivalent of the port name you enter after
lt.
• neq – The policy applies to all TCP or UDP port numbers except the port
number or port name you enter after neq.
• range – The policy applies to all TCP port numbers that are between the
first TCP or UDP port name or number and the second one you enter
following the range parameter. The range includes the port names or
numbers you enter. For example, to apply the policy to all ports between
and including 23 (Telnet) and 53 (DNS), enter the following: range 23 53.
The first port number in the range must be lower than the last number in
the range.
The <source-port number> and <destination-port-number> for the
tcp-udp-operator is the number of the port.
ipv6-operator Allows you to filter the packets further by using one of the following options:
• dscp – The policy applies to packets that match the traffic class value in
the traffic class field of the IPv6 packet header. This operator allows you
to filter traffic based on TOS or IP precedence. You can specify a value
from 0 – 63.
• fragments – The policy applies to fragmented packets that contain a
non-zero fragment offset.
NOTE: This option is not applicable to filtering based on source or destination
port, TCP flags, and ICMP flags.
• routing – The policy applies only to IPv6 source-routed packets.
NOTE: This option is not applicable to filtering based on source or destination
port, TCP flags, and ICMP flags.
• sequence – The sequence parameter specifies where the conditional
statement is to be added in the access list. You can add a conditional
statement at particular place in an access list by specifying the entry
number using the sequence keyword. You can specify a value from 1 –
4294967295.
You can specify which flags inside the TCP header need to be matched.
Specify any of the following flags for <tcp- flags>:
• + | – urg = Urgent
• + | – ack= Acknowledge
• + | – psh + Push
• + | – rst = Reset
• + | – syn = Synchronize
• + | – fin = Finish
match-all <tcp- flags>
match-any <tcp-flag>
Enter match-all <tcp- flags> if you want all the flags you specify to be matched
from a TCP session. Use match-any <tcp-flag> if any of the flags will be
matched. You can enter more than one TCP flag. Separate each flag with a
space, using a + or – to indicate if the matching condition requires the bit to
be set to 1 (+) or 0 (–).
802.1p-priority-matching
<number>
If you want to match only those packets that have the same 802.1p priorities
as specified in the ACL. Enter 0 – 7.
TABLE 210 Syntax descriptions (Continued)
Arguments... Description...
To Next Page
Loading...
