Administrator Guide
Layer 2 Switching Commands 273
– When icmp-type is specified, IP ACL rule matches on the specified
ICMP message type, a number from 0 to 255.
– When icmp-code is specified, IP ACL rule matches on the specified
ICMP message code, a number from 0 to 255.
– Specifying icmp-message implies both icmp-type and icmp-code are
specified.
– ICMP message is decoded into corresponding ICMP type and ICMP
code within that ICMP type. This option is visible only if the protocol
is “icmp”.
– IPv4 ICMP message types: echo echo-reply host-redirect mobile-
redirect net-redirect net-unreachable redirect packet-too-big port-
unreachable source-quench router-solicitation router-advertisement
time-exceeded ttl-exceeded unreachable
• igmp-type igmp-type—When igmp-type is specified, IP ACL rule matches
on the specified IGMP message type (i.e., a number from 0 to 255).
•
fragments—
Specifies the rule matches packets that are non-initial
fragments (fragment bit asserted). Not valid for rules that match L4
information such as TCP port number since that information is carried in
the initial packet.
•
log—
Specifies that this rule is to be logged if the permit/deny rule has
been matched one or more times since the expiry of the last logging
interval. The logging interval is 5 minutes.
• time-range time-range-name—Allows imposing time limitation on the
ACL rule as defined by the parameter time-range-name. (See Time
Ranges Commands for more information.) If a time range with the
specified name does not exist and the ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied
immediately. If a time range with specified name exists and the ACL
containing this ACL rule is applied to an interface or bound to a VLAN,
then the ACL rule is applied when the time-range with specified name
becomes active. The ACL rule is removed when the time-range with
specified name becomes inactive.