Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6100-ON
201202203204205206207208209210
Version Description
6.5.1.0 Expanded to include the optional QoS order priority for the ACL entry.
Usage Information
The order option is relevant in the context of the Policy QoS feature only. For more information, see the Quality
of Service section of the Dell Networking OS Conguration Guide.
The monitor option is relevant in the context of ow-based monitoring only. For more information, see Port
Monitoring
.
deny tcp
Congure a lter that drops transmission control protocol (TCP) packets meeting the lter criteria.
Syntax
deny tcp {source mask | any | host ip-address} [bit] [operator port [port]]
{destination mask | any | host ip-address} [dscp] [bit] [operator port [port]]
[count [bytes] [order] [fragments] [monitor [session-ID]] [no-drop]
To remove this lter, you have two choices:
Use the no seq sequence-number command if you know the lter’s sequence number.
Use the no deny tcp {source mask | any | host ip-address} {destination mask |
any | host ip-address} command.
Parameters
source Enter the IP address of the network or host from which the packets are sent.
mask Enter a network mask in /prex format (/x) or A.B.C.D. The mask, when specied in
A.B.C.D format, may be either contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject to the lter.
host ip-address Enter the keyword host then the IP address to specify a host IP address.
dscp Enter this keyword dscp to deny a packet based on the DSCP value. The range is from 0
to 63.
bit Enter a ag or combination of bits:
ack: acknowledgement eld
fin: nish (no more data from the user)
psh: push function
rst: reset the connection
syn: synchronize sequence numbers
urg: urgent eld
established: datagram of established TCP session
Use the established ag to match only ACK and RST ags of established TCP
session.
You cannot use established along with the other control ags
While using the established ag in an ACL rule, all the other TCP control ags are
masked, to avoid redundant TCP control ags conguration in a single rule. When you use
Access Control Lists (ACL) 203