Table of Contents
Advertisement
Parameters
Function
{ ack ack-value |
Specifies one or
fin fin-value | psh
more TCP flags
psh-value | rst
including ACK, FIN,
rst-value | syn
PSH, RST, SYN, and
syn-value | urg
URG
urg-value } *
If the protocol argument takes icmp (1), set the parameters shown in
Table 5 ICMP-specific parameters for IPv4 advanced ACL rules
Parameters
icmp-type { icmp-type
[ icmp-code ] |
icmp-message }
Table 6 ICMP message names supported in IPv4 advanced ACL rules
ICMP message name
echo
echo-reply
fragmentneed-DFset
host-redirect
host-tos-redirect
host-unreachable
information-reply
information-request
net-redirect
net-tos-redirect
net-unreachable
parameter-problem
port-unreachable
protocol-unreachable
reassembly-timeout
source-quench
source-route-failed
timestamp-reply
timestamp-request
ttl-exceeded
Description
Parameters specific to TCP.
The value for each argument can be 0 (flag bit not set) or 1 (flag
bit set).
For example, a rule configured with ack 1 psh 0 may match
packets that have the ACK flag bit set or the PSH flag bit not set on
one device.
Function
Description
The icmp-type argument is in the range of 0 to 255.
Specifies the ICMP
The icmp-code argument is in the range of 0 to 255.
message type and
The icmp-message argument specifies a message name.
code
Supported ICMP message names and their corresponding type
and code values are listed in
ICMP message type
8
0
3
5
5
3
16
15
5
5
3
12
3
3
11
4
3
14
13
11
10
Table
5.
Table
6.
ICMP message code
0
0
4
1
3
1
0
0
0
2
0
0
3
2
1
0
5
0
0
0
Advertisement
Table of Contents
