Chapter
D Commands
dscp dscp
fragments
OL-27883-02
(Optional) Specifies that the rule matches only those packets with the
specified 6-bit differentiated services value in the DSCP field of the IP
header. The dscp argument can be one of the following numbers or
keywords:
0–63—The decimal equivalent of the 6 bits of the DSCP field. For
•
example, if you specify 10, the rule matches only those packets that have
the following bits in the DSCP field: 001010.
af11—Assured Forwarding (AF) class 1, low drop probability (001010)
•
•
af12—AF class 1, medium drop probability (001100)
•
af13—AF class 1, high drop probability (001110)
•
af21—AF class 2, low drop probability (010010)
af22—AF class 2, medium drop probability (010100)
•
af23—AF class 2, high drop probability (010110)
•
af31—AF class 3, low drop probability (011010)
•
af32—AF class 3, medium drop probability (011100)
•
af33—AF class 3, high drop probability (011110)
•
af41—AF class 4, low drop probability (100010)
•
af42—AF class 4, medium drop probability (100100)
•
af43—AF class 4, high drop probability (100110)
•
cs1—Class-selector (CS) 1, precedence 1 (001000)
•
•
cs2—CS2, precedence 2 (010000)
•
cs3—CS3, precedence 3 (011000)
•
cs4—CS4, precedence 4 (100000)
•
cs5—CS5, precedence 5 (101000)
cs6—CS6, precedence 6 (110000)
•
cs7—CS7, precedence 7 (111000)
•
default—Default DSCP value (000000)
•
ef—Expedited Forwarding (101110)
•
(Optional) Specifies that the rule matches only those packets that are
noninitial fragments. You cannot specify this keyword in the same rule that
you specify Layer 4 options, such as a TCP port number, because the
information that the switch requires to evaluate those options is contained
only in initial fragments.
Cisco Nexus 5500 Series NX-OS Security Command Reference
deny ip (IPv4)
51