Reference Guide
IPv4 Routing | 691
Usage
Information
Use the count option to stop packets from flooding the user terminal when debugging
is turned on.
The
access-group option supports only the equal to (eq) operator in TCP ACL rules.
Port operators not equal to (
neq), greater than (gt), less than (lt), or range are not
supported in
access-group option (Refer to the Example Error Messages below ).
ARP packets (
arp) and Ether-type (ether-type) are also not supported in access-group
option. The entire rule is skipped to compose the filter.
The
access-group option pertains to:
• IP Protocol Number 0 to 255
• Internet Control Message Protocol* icmp
* but not the ICMP message type (0-255)
• Any Internet Protocol ip
• Transmission Control Protocol* tcp
* but not on the rst, syn, or urg bit
• User Datagram Protocol udp
In the case of ambiguous access control list rules, the debug ip packet access-control
command will be disabled. A message appears identifying the error as shown below.
Example
(Error Messages)
FTOS#debug ip packet access-group test
%Error: port operator GT not supported in access-list debug
%Error: port operator LT not supported in access-list debug
%Error: port operator RANGE not supported in access-list debug
%Error: port operator NEQ not supported in access-list debug
FTOS#00:10:45: %RPM0-P:CP %IPMGR-3-DEBUG_IP_PACKET_ACL_AMBIGUOUS_EXP:
Ambiguous rules not supported in access-list debug, access-list debugging is turned
off
FTOS#
ip address
c e s
Assign a primary and secondary IP address to the interface.
Syntax
ip address ip-address mask [secondary]
To delete an IP address from an interface, use the
no ip address [ip-address]
command.
Parameters
Defaults
Not configured.
ip-address
Enter an IP address in dotted decimal format.
mask
Enter the mask of the IP address in slash prefix format (for example, /24).
secondary (OPTIONAL) Enter the keyword secondary to designate the IP address as the
secondary address.