Users Guide
Layer 2 Switching Commands 560
– When “+<tcpflagname>” is specified, a match occurs if specified
<tcpflagname> flag is set in the TCP header.
– When “-<tcpflagname>” is specified, a match occurs if specified
<tcpflagname> flag is *NOT* set in the TCP header.
– When “established” is specified, a match occurs if specified either
RST or ACK bits are set in the TCP header.
– This option is visible only if the protocol is tcp.
– Ack – Acknowledgment bit
– Fin – Finished bit
– Psh – push bit
– Rst – reset bit
– Syn – Synchronize bit
– Urg – Urgent bit
• [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-
message]—Specifies a match condition for ICMP packets.
– When icmp-type is specified, IP ACL rule matches on the specified
ICMP message type, a number from 0 to 255.
– When icmp-code is specified, IP ACL rule matches on the specified
ICMP message code, a number from 0 to 255.
– Specifying icmp-message implies both icmp-type and icmp-code are
specified.
– ICMP message is decoded into corresponding ICMP type and ICMP
code within that ICMP type. This option is visible only if the protocol
is “icmpv6”.
– ICMPv6 message types: destination-unreachable echo-reply echo-
request header hop-limit mld-query mld-reduction mld-report nd-na
nd-ns next-header no-admin no-route packet-too-big port-
unreachable router-solicitation router-advertisement router-
renumbering time-exceeded unreachable
– The icmpv6 message types are available only if the protocol is icmpv6.
• flow-label—Specifies a match on the identified flow label. Range 0–
1048575.