Cisco Nexus 5500 Series Command Reference Manual page 95

Nx-os security command reference
Hide thumbs Also See for Nexus 5500 Series:
Table of Contents

Advertisement

Chapter
D Commands
dscp dscp
flow-label
flow-label-value
fragments
OL-27883-02
(Optional) Specifies that the rule matches only packets with the specified
6-bit differentiated services value in the DSCP field of the IPv6 header. The
dscp argument can be one of the following numbers or keywords:
0–63—The decimal equivalent of the 6 bits of the DSCP field. For
example, if you specify 10, the rule matches only packets that have the
following bits in the DSCP field: 001010.
af11—Assured Forwarding (AF) class 1, low drop probability (001010)
af12—AF class 1, medium drop probability (001100)
af13—AF class 1, high drop probability (001110)
af21—AF class 2, low drop probability (010010)
af22—AF class 2, medium drop probability (010100)
af23—AF class 2, high drop probability (010110)
af31—AF class 3, low drop probability (011010)
af32—AF class 3, medium drop probability (011100)
af33—AF class 3, high drop probability (011110)
af41—AF class 4, low drop probability (100010)
af42—AF class 4, medium drop probability (100100)
af43—AF class 4, high drop probability (100110)
cs1—Class-selector (CS) 1, precedence 1 (001000)
cs2—CS2, precedence 2 (010000)
cs3—CS3, precedence 3 (011000)
cs4—CS4, precedence 4 (100000)
cs5—CS5, precedence 5 (101000)
cs6—CS6, precedence 6 (110000)
cs7—CS7, precedence 7 (111000)
default—Default DSCP value (000000)
ef—Expedited Forwarding (101110)
(Optional) Specifies that the rule matches only IPv6 packets whose Flow
Label header field has the value specified by the flow-label-value argument.
The flow-label-value argument can be an integer from 0 to 1048575.
(Optional) Specifies that the rule matches noninitial fragmented packets
only. The device considers noninitial fragmented packets to be packets with
a fragment extension header that contains a fragment offset that is not equal
to zero. You cannot specify this keyword in the same rule that you specify
Layer 4 options, such as a TCP port number, because the information that the
devices requires to evaluate those options is contained only in initial
fragments.
Cisco Nexus 5500 Series NX-OS Security Command Reference
deny tcp (IPv6)
81

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents