Users Guide
Layer 2 Switching Commands 279
•
[precedence precedence | tos tos [tosmask] | dscp dscp]—
Specifies the
TOS for an IP/TCP/UDP ACL rule depending on a match of precedence
or DSCP values using the parameters dscp, precedence, or tos tosmask.
• flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack]
[+urg | -urg] [established]—Specifies that the IP/TCP/UDP ACL rule
matches on the TCP flags.
– Ack – Acknowledgment bit
– Fin – Finished bit
– Psh – push bit
– Rst – reset bit
– Syn – Synchronize bit
– Urg – Urgent bit
– When “+<tcpflagname>” is specified, a match occurs if specified
<tcpflagname> flag is set in the TCP header.
– When “-<tcpflagname>” is specified, a match occurs if specified
<tcpflagname> flag is *NOT* set in the TCP header.
– When “established” is specified, a match occurs if either the RST or
ACK bits are set in the TCP header.
– This option is visible only if protocol is “tcp”.
•
[icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-
message] —
Specifies a match condition for ICMP packets.
– When icmp-type is specified, IP ACL rule matches on the specified
ICMP message type, a number from 0 to 255.
– When icmp-code is specified, IP ACL rule matches on the specified
ICMP message code, a number from 0 to 255.
– Specifying icmp-message implies both icmp-type and icmp-code are
specified.
– ICMP message is decoded into corresponding ICMP type and ICMP
code within that ICMP type. This option is visible only if the protocol
is “icmp”.