Users Guide
permit
Congure a permit rule. A permit rule excludes the matching packets from PBR classication and routes them using conventional routing.
Syntax
permit {ip-protocol-number | protocol-type} {source mask | any | host ip-
address} {destination mask | any | host ip-address} [bit] [operators]
To remove the rule, use one of the following:
• If you know the lter sequence number, use the no seq sequence-number syntax command.
•
You can also use the no permit {ip-protocol-number | protocol-type} {source mask |
any | host ip-address} {destination mask | any | host ip-address} [bit]
[operators] command.
Parameters
ip-protocol-number Enter a number from 0 to 255 for the protocol identied in the IP protocol header.
protocol-type Enter one of the following keywords as the protocol type:
• icmp for internet control message protocol
• ip for any internet protocol
• tcp for transmission control protocol
• udp for user datagram protocol
source Enter the IP address of the network or host from which the packets were sent.
mask Enter a network mask in /prex format (/x).
any Enter the keyword any to specify that all trac is subject to the lter.
host ip-address Enter the keyword host then he IP address to specify a host IP address.
destination Enter the IP address of the network or host to which the packets are sent.
bit (OPTIONAL) For the TCP protocol type only, enter one or a combination of the following
TCP ags:
• ack = acknowledgement
• fin = nish (no more data from the user)
•
psh = push function
• rst = reset the connection
• syn = synchronize sequence number
• urg = urgent eld
operator (OPTIONAL) For TCP and UDP parameters only. Enter one of the following logical
operand:
• eq = equal to
• neq = not equal to
•
gt = greater than
• lt= less than
1110 Policy-based Routing (PBR)