permit
c e s
Syntax
Parameters
Defaults
Command Modes
Command
History
1088
|
Policy-based Routing (PBR)
Configure a rule for the redirect list.
permit {ip-protocol-number | protocol-type} {source mask | any | host ip-address}
{destination mask | any | host ip-address} [bit] [operators]
To remove the rule, use one of the following:
If you know the filter sequence number, use the no seq sequence-number syntax.
•
no permit {ip-protocol-number | protocol-type} {source mask | any | host ip-address}
•
{destination mask | any | host ip-address} [bit] [operators]
ip-protocol-number
protocol-type
source
mask
any
host ip-address
destination
bit
operator
No default behavior or values
REDIRECT-LIST
Version 8.4.2.1
Introduced on the C-Series and S-Series
Version 8.4.2.0
Introduced on the E-Series TeraScale
Version 7.5.1.0
Introduced on the E-Series ExaScale
Enter a number from 0 to 255 for the protocol identified in the IP protocol
header.
Enter one of the following keywords as the protocol type:
icmp
•
for Internet Control Message Protocol
ip
•
for Any Internet Protocol
tcp
•
for Transmission Control Protocol
udp
•
for User Datagram Protocol
Enter the IP address of the network or host from which the packets were sent.
Enter a network mask in /prefix format (/x).
any
Enter the keyword
to specify that all traffic is subject to the filter.
host
Enter the keyword
followed by the IP address to specify a host IP address.
Enter the IP address of the network or host to which the packets are sent.
(OPTIONAL) For TCP protocol type only, enter one or a combination of the
following TCP flags:
ack
•
= acknowledgement
fin
•
= finish (no more data from the user)
psh
•
= push function
rst
•
= reset the connection
syn
•
= synchronize sequence number
urg =
•
urgent field
(OPTIONAL) For TCP and UDP parameters only. Enter one of the following
logical operand:
eq
•
= equal to
neq
•
= not equal to
gt
•
= greater than
lt
•
= less than
range
•
= inclusive range of ports (you must specify two ports for the
command parameter.)
port