Cisco Nexus 7000 Series Security Command Reference - Cisco Nexus 7000 Series Command Reference Manual

deny (IPv6)
flow-label flow-label-value
fragments
log
time-range time-range-name
icmp-message

Cisco Nexus 7000 Series Security Command Reference

250
• cs7—CS7, precedence 7 (111000)
• default—Default DSCP value (000000)
• ef—Expedited Forwarding (101110)
(Optional) Specifies that the rule matches only IPv6
packets whose Flow Label header field has the value
specified by the flow-label-value argument. The
flow-label-value argument can be an integer from 0
to 1048575.
(Optional) Specifies that the rule matches noninitial
fragmented packets only. The device considers
noninitial fragmented packets to be packets with a
fragment extension header that contains a fragment
offset that is not equal to zero. You cannot specify
this keyword in the same rule that you specify Layer
4 options, such as a TCP port number, because the
information that the devices requires to evaluate those
options is contained only in initial fragments.
(Optional) Specifies that the device generates an
informational logging message about each packet that
matches the rule. The message includes the following
information:
• ACL name
• Whether the packet was permitted or denied
• Whether the protocol was TCP, UDP, ICMP or
a number
• Source and destination addresses and, if
applicable, source and destination port numbers
(Optional) Specifies the time range that applies to this
rule. You can configure a time range by using the
time-range command.
(ICMP only: Optional) ICMPv6 message type that
the rule matches. This argument can be an integer
from 0 to 255 or one of the keywords listed under
"ICMPv6 Message Types" in the "Usage Guidelines"
section.
D Commands