
24 permit tcp – CANOGA PERKINS 9175 Command Reference User Manual


CanogaOS Command Reference


If IP address wildcard bits are provided, the IP address is bitwise ANDed with the
inverse of the wildcard bits. For example, 10.10.10.0 0.0.0.255 means the
addresses from 10.10.10.0 to 10.10.10.255 are matched.

If the sequence-num field is not present, an auto-generated sequence number is assigned to the filter. The auto-generated sequence number is the maximum existing sequence number in the IP ACL plus 10. For example, when the maximum existing sequence number is 100, the sequence number of the next IP filter created is 110.

Examples

This example shows how to create a filter in IP ACL to permit any IP packets.

Switch(config-ip-acl)# 10 permit any any any

This example shows how to create a filter in IP ACL to permit the fragment packets with the source IP address 1.1.1.1 and any destination IP address.

Switch(config-ip-acl)# 20 permit tcp host 1.1.1.1 any fragments

This example shows how to create a filter in IP ACL to permit any routed packets.

Switch(config-ip-acl)# 30 permit any any any routed-packet

Related Commands

permit tcp

permit udp

permit icmp

permit igmp

33.24 permit tcp

Use this command to permit TCP packets matching the IP filter.

Command Syntax

[<1-2147483646>] permit tcp { source source-mask | any | host source } [ src-port operator port ] { destination destination-mask | any | host destination } [ dst-port operator port ] [ ip-precedence precedence | dscp dscp ] [ established | [ match-any | match-all flag-name ] ] [ fragments ] [ routed-packet ] [ options ] [ time-range time-range-name ] [ stats ]

src-port: source port <0-65535>

dst-port: destination port <0-65535>

operator: including eq (equal to), lt (less than), gt (greater than), neq (not equal to), range

port: the port to be compared <0-65535>

established: match established connections

match-any: match any of the flag-name

match-all: match all the flag-name

flag-name: the flag bit in TCP packets including ack, fin, psh, rst, syn, urg

For other parameters, please refer to the permit command.
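The matching rules described on this page (wildcard bits, the port operators, and match-any / match-all on TCP flags) can be modeled in Python to check which packets a planned filter would cover before it is entered on the switch. This is an added example, not CanogaOS code; the dict layout, the inclusive two-port form of range, and ignoring flags not named in the filter are assumptions.

```python
import ipaddress
import operator

def wildcard_match(addr, base, wildcard):
    """Compare addr and base only on bits where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # the "reverse bits" of the wildcard
    return (a & care) == (b & care)

# Operators listed for src-port/dst-port. Assumption: "range" takes two
# ports and is inclusive at both ends.
PORT_OPS = {"eq": operator.eq, "neq": operator.ne,
            "lt": operator.lt, "gt": operator.gt}

def port_match(port, op, *operands):
    if op == "range":
        low, high = operands
        return low <= port <= high
    return PORT_OPS[op](port, operands[0])

TCP_FLAGS = {"ack", "fin", "psh", "rst", "syn", "urg"}

def flags_match(packet_flags, mode, wanted):
    """Assumption: flags not named in the filter are ignored."""
    packet_flags, wanted = set(packet_flags), set(wanted)
    if not (packet_flags | wanted) <= TCP_FLAGS:
        raise ValueError("unknown TCP flag name")
    if mode == "match-any":
        return bool(packet_flags & wanted)
    if mode == "match-all":
        return wanted <= packet_flags
    raise ValueError("mode must be match-any or match-all")

def filter_matches(pkt, flt):
    """pkt and flt are plain dicts (hypothetical layout, constructed below)."""
    return (wildcard_match(pkt["src"], flt["src"], flt["src_wildcard"])
            and port_match(pkt["dport"], *flt["dst_port"])
            and flags_match(pkt["flags"], *flt["flags"]))

# Constructed filter: source 10.10.10.0 0.0.0.255, dst-port eq 22,
# match-all on syn and ack.
SAMPLE_FILTER = {"src": "10.10.10.0", "src_wildcard": "0.0.0.255",
                 "dst_port": ("eq", 22), "flags": ("match-all", {"syn", "ack"})}

if __name__ == "__main__":
    for pkt in ({"src": "10.10.10.77", "dport": 22, "flags": {"syn", "ack"}},
                {"src": "10.10.11.77", "dport": 22, "flags": {"syn", "ack"}},
                {"src": "10.10.10.77", "dport": 22, "flags": {"syn"}}):
        print(pkt["src"], sorted(pkt["flags"]), filter_matches(pkt, SAMPLE_FILTER))
```

Because the comparison is done bit by bit, a non-contiguous wildcard such as 0.0.1.0 matches two separate /24 blocks rather than one range, which is worth checking when reviewing an ACL.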

Command Mode

IP ACL configuration