Reference Guide
Security | 811
Figure 40-13. Trace list Using seq Command Example
If you are creating a Trace list with only one or two filters, you can let FTOS assign a sequence number
based on the order in which the filters are configured. FTOS assigns filters in multiples of 5.
To configure a filter for a Trace list without a specified sequence number, use any or all of the following
commands in the TRACE LIST mode:
Command Syntax Command Mode Purpose
{deny | permit} {ip | ip-protocol-number} {source
mask | any | host ip-address} {destination mask |
any | host ip-address} [count [byte] | log]
TRACE LIST Configure a deny or permit filter to
examine IP packets. Configure the
following required and optional
parameters:
• ip: to specify IP as the protocol to
filter for.
• ip-protocol-number range: 0 to 255.
• source: An IP address as the source
IP address for the filter to match.
• mask: a network mask
• any: to match any IP source address
• host ip-address: to match IP
addresses in a host.
• destination: An IP address as the
source IP address for the filter to
match.
• count: count packets processed by the
filter.
• byte: count bytes processed by the
filter.
• log: is supported.
FTOS(config-trace-acl)#seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#seq 5 permit tcp 121.1.3.45 0.0.255.255 any
FTOS(config-trace-acl)#show conf
!
ip trace-list dilling
seq 5 permit tcp 121.1.0.0 0.0.255.255 any
seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#