Command Line Interface
696 1553-KDU 137 365 Uen D 2006-06-16
ANDed with the specified source IP address, and then compared with
the address for each IP packet entering the port(s) to which this ACL
has been assigned.
• Both Precedence and ToS can be specified in the same rule. However,
if DSCP is used, then neither Precedence nor ToS can be specified.
• The control-code bitmask is a decimal number (representing an
equivalent bit mask) that is applied to the control code. Enter a decimal
number, where the equivalent binary bit “1” means to match a bit and “0”
means to ignore a bit. The following bits may be specified:
• 1 (fin) – Finish
• 2 (syn) – Synchronize
• 4 (rst) – Reset
• 8 (psh) – Push
• 16 (ack) – Acknowledgement
• 32 (urg) – Urgent pointer
For example, use the code value and mask below to catch packets with
the following flags set:
• SYN flag valid, use “control-code 2 2”
• Both SYN and ACK valid, use “control-code 18 18”
• SYN valid and ACK invalid, use “control-code 2 18”
Example
This example accepts any incoming packets if the source address is within
subnet 10.7.1.x. For example, if the rule is matched; that is, the rule (10.7.1.0 &
255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the
packet passes through.
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#
To Next Page
Loading...
