Deny Tcp - Dell S6100 Configuration Manual


Version  Description
6.5.1.0  Expanded to include the optional QoS order priority for the ACL entry.

Usage Information
The order option is relevant in the context of the Policy QoS feature only. For more information, see the Quality of Service section of the Dell Networking OS Configuration Guide.
The monitor option is relevant in the context of flow-based monitoring only. For more information, see Monitoring.

deny tcp

Configure a filter that drops transmission control protocol (TCP) packets meeting the filter criteria.

Syntax
deny tcp {source mask | any | host ip-address} [bit] [operator port [port]]
{destination mask | any | host ip-address} [dscp] [bit] [operator port [port]]
[count [bytes]] [order] [fragments] [monitor [session-ID]] [no-drop]

To remove this filter, you have two choices:
- Use the no seq sequence-number command if you know the filter's sequence number.
- Use the no deny tcp {source mask | any | host ip-address} {destination mask | any | host ip-address} command.

Parameters
source: Enter the IP address of the network or host from which the packets are sent.
mask: Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous.
any: Enter the keyword any to specify that all routes are subject to the filter.
host ip-address: Enter the keyword host then the IP address to specify a host IP address.
dscp: Enter the keyword dscp to deny a packet based on the DSCP value. The range is from 0 to 63.
bit: Enter a flag or combination of bits:
  ack: acknowledgement field
  fin: finish (no more data from the user)
  psh: push function
  rst: reset the connection
  syn: synchronize sequence numbers
  urg: urgent field
  established: datagram of established TCP session
  Use the established flag to match only ACK and RST flags of established TCP session.
  You cannot use established along with the other control flags.
  While using the established flag in an ACL rule, all the other TCP control flags are masked, to avoid redundant TCP control flags configuration in a single rule. When you use
Port
Access Control Lists (ACL)
203
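
A pre-deployment check for the constraints stated above (mask given as /x or A.B.C.D, DSCP from 0 to 63, established not combined with other control flags), as an added example that is not part of the Dell manual. The function names and the sample rule lines are constructed, and the code assumes the DSCP value follows the dscp keyword.

```python
import ipaddress

CONTROL_FLAGS = {"ack", "fin", "psh", "rst", "syn", "urg"}  # the page's bit keywords

def _is_ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def _address_group(tokens, i, side, errors):
    """Check one {address mask | any | host ip-address} group; return the next index."""
    head, nxt = (tokens[i:i + 2] + ["", ""])[:2]
    if head == "any":
        return i + 1
    if head == "host":
        if not _is_ipv4(nxt):
            errors.append(f"{side}: 'host' needs an IPv4 address")
    elif not _is_ipv4(head):
        errors.append(f"{side}: expected an address, 'any' or 'host'")
    elif nxt.startswith("/"):
        if not (nxt[1:].isdigit() and int(nxt[1:]) <= 32):
            errors.append(f"{side}: bad prefix length {nxt}")
    elif not _is_ipv4(nxt):  # A.B.C.D masks may be non-contiguous, so only the form is checked
        errors.append(f"{side}: mask must be /x or A.B.C.D")
    return i + 2

def lint_deny_tcp(line):
    """Return the problems found in one 'deny tcp' line (empty list means none)."""
    tokens, errors = line.split(), []
    if tokens[:2] != ["deny", "tcp"]:
        return ["not a 'deny tcp' rule"]
    i = _address_group(tokens, 2, "source", errors)
    # The destination group starts at the next token that can open an address group.
    j = next((k for k in range(i, len(tokens))
              if tokens[k] in ("any", "host") or _is_ipv4(tokens[k])), len(tokens))
    end = _address_group(tokens, j, "destination", errors)
    options = tokens[i:j] + tokens[end:]  # bit, dscp and the other optional keywords
    if "established" in options and CONTROL_FLAGS & set(options):
        errors.append(f"'established' combined with {sorted(CONTROL_FLAGS & set(options))}")
    for k, tok in enumerate(options):
        if tok == "dscp":  # assumption: the DSCP value follows the keyword
            val = (options[k + 1:] or [""])[0]
            if not (val.isdigit() and int(val) <= 63):
                errors.append(f"dscp value must be 0-63, got {val!r}")
    return errors

for rule in ("deny tcp 10.1.0.0 /16 any established", "deny tcp any any syn established dscp 64"):
    print(rule, "->", lint_deny_tcp(rule) or "ok")  # constructed sample rules
```

The check covers only the constraints visible on this page; port operators and the remaining keywords pass through unchecked.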
