Administrator Guide
ICMP Message
Type Keywords
ICMP Message Type Name
redirect All redirects
router-
advertisement
Router discovery advertisements
router-solicitation Router discovery solicitations
source-quench Source quenches
source-route-
failed
Source route failed
time-exceeded All time exceeded
timestamp-reply Timestamp replies
timestamp-
request
Timestamp requests
traceroute Traceroute
ttl-exceeded TTL exceeded
unreachable All unreachables
deny tcp
Configure a filter that drops transmission control protocol (TCP) packets meeting the filter criteria.
C9000 Series
Syntax
deny tcp {source mask | any | host ip-address} [bit] [operator port [port]]
{destination mask | any | host ip-address} [dscp] [bit] [operator port [port]]
[count [bytes]] [order] [fragments] [log [interval minutes] [threshold-in-msgs
[count]] [monitor]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence number.
• Use the no deny tcp {source mask | any | host ip-address} {destination mask |
any | host ip-address} command.
Parameters
source
Enter the IP address of the network or host from which the packets are sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in
A.B.C.D format, may be either contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject to the filter.
host
ip-address
Enter the keyword host then the IP address to specify a host IP address.
dscp Enter this keyword dscp to deny a packet based on the DSCP value. The range is from 0
to 63.
bit
Enter a flag or combination of bits:
• ack: acknowledgement field
• fin: finish (no more data from the user)
• psh: push function
• rst: reset the connection
• syn: synchronize sequence numbers
• urg: urgent field
operator (OPTIONAL) Enter one of the following logical operand:
232 Access Control Lists (ACL)