24 permit tcp – CANOGA PERKINS CanogaOS Command Reference User Manual

CanogaOS Command Line Reference

Revision 1.02

Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches

Page 679 of 855

permit igmp

33.24 permit tcp

Use this command to permit TCP packets matching the IP filter.

Command Syntax

[<1-2147483646>] permit tcp { source source-mask | any | host source } [ src-port operator
port ]{destination destination-mask any | host destination} [ dst-port operator port ] [ ip-precedence
precedence | dscp dscp ] [ established | [ match-any | match-all flag-name] ] [ fragments ]
[ routed-packet ] [ options ] [ time-range time-range-name ] [ stats ]
src-port: source port <0-65535>
dst-port: destination port <0-65535>

operator

：including eq (equal to), lt (less than), gt (greater than), neq (not equal to), range

port: the port to be compared <0-65535>

established

：match established connections

match-any

：match any of the flag-name

match-all

： match all the flag-name

flag-name: the flag bit in tcp packets including ack, fin, psh, rst, syn, urg
For other parameters, please refer to permit command.

Command Mode

IP ACL configuration

Usage

The fragments will be invalid when the layer 4 information is specified (i.e. src-port).

Examples

This example shows how to create a filter in IP ACL to permit any TCP packets.
Switch(config-ip-acl)#10 permit tcp any any
This example shows how to create a filter in IP ACL to permit the TCP packets with the source IP
address 1.1.1.1, and source port ranges from 0 to 100.
Switch(config-ip-acl)#20 permit tcp host 1.1.1.1 src-port range 0 100 any
This example shows how to create a filter in IP ACL to permit any TCP packets in established TCP
streams.
Switch(config-ip-acl)#30 permit tcp any any establised
This example shows how to create a filter in IP ACL to permit the TCP ACK packets with the source IP
address 10.10.10.0.
Switch(config-ip-acl)#4 permit tcp 10.10.10.0 0.0.0.0 any match-any ack