Cisco Nexus 5500 Series Command Reference Manual page 187

NX-OS Security Command Reference

Chapter
P Commands
permit tcp (IPv4)

precedence precedence
    (Optional) Specifies that the rule matches only packets that have an IP
    Precedence field with the value specified by the precedence argument. The
    precedence argument can be a number or a keyword as follows:
    0–7—Decimal equivalent of the 3 bits of the IP Precedence field. For
    example, if you specify 3, the rule matches only packets that have the
    following bits in the DSCP field: 011.
    critical—Precedence 5 (101)
    flash—Precedence 3 (011)
    flash-override—Precedence 4 (100)
    immediate—Precedence 2 (010)
    internet—Precedence 6 (110)
    network—Precedence 7 (111)
    priority—Precedence 1 (001)
    routine—Precedence 0 (000)

flags
    (Optional) Rule that matches only packets that have specific TCP control bit
    flags set. The value of the flags argument must be one or more of the
    following keywords:
    ack
    fin
    psh
    rst
    syn
    urg

established
    (Optional) Specifies that the rule matches only packets that belong to an
    established TCP connection. The switch considers TCP packets with the
    ACK or RST bits set to belong to an established connection.

Command Default
A newly created IPv4 ACL contains no rules.
If you do not specify a sequence number, the device assigns to the rule a sequence number that is 10
greater than the last rule in the ACL.

Command Modes
IPv4 ACL configuration mode

Command History
Release        Modification
5.2(1)N1(1)    This command was introduced.

Usage Guidelines
When the switch applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL.
The switch enforces the first rule whose conditions are satisfied by the packet. When the conditions of
more than one rule are satisfied, the switch enforces the rule with the lowest sequence number.

Cisco Nexus 5500 Series NX-OS Security Command Reference, OL-27883-02
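
An added example, not part of the Cisco manual: a small Python model of the matching behaviour this page describes (default sequence numbering, enforcement of the lowest-numbered matching rule, and the header-only test behind the established keyword). It assumes that every keyword listed after flags must be set in the packet and that the first rule added to an empty ACL is numbered 10; the class, function and packet names are hypothetical.

```python
from dataclasses import dataclass

# Keywords and values from the precedence list in the syntax description.
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    flags: frozenset = frozenset()   # assumed: every listed flag must be set
    established: bool = False
    precedence: object = None        # 0-7 or a keyword from PRECEDENCE

    def matches(self, pkt):
        # established: header-only test for ACK or RST, no connection tracking
        if self.established and not pkt["flags"] & {"ack", "rst"}:
            return False
        if not self.flags <= pkt["flags"]:
            return False
        if self.precedence is not None:
            want = PRECEDENCE.get(self.precedence, self.precedence)
            if pkt["tos"] >> 5 != want:   # precedence = top 3 bits of the ToS byte
                return False
        return True

class Acl:
    def __init__(self):
        self.rules = {}              # sequence number -> Rule
    def add(self, rule, seq=None):
        if seq is None:              # default: 10 above the highest existing number
            seq = max(self.rules, default=0) + 10   # assumed: first rule gets 10
        self.rules[seq] = rule
        return seq
    def evaluate(self, pkt):
        for seq in sorted(self.rules):           # lowest sequence number wins
            if self.rules[seq].matches(pkt):
                return seq, self.rules[seq].action
        return None                              # no explicit rule matched

def sample_acl():
    acl = Acl()
    acl.add(Rule("permit", established=True))            # becomes 10
    acl.add(Rule("deny", flags=frozenset({"syn"})))      # becomes 20
    acl.add(Rule("permit", precedence="flash"), seq=5)   # explicit number
    return acl

SYN = {"flags": {"syn"}, "tos": 0x00}            # constructed sample packets:
BARE_ACK = {"flags": {"ack"}, "tos": 0x00}       # TCP flag set + IPv4 ToS byte
SYN_ACK_FLASH = {"flags": {"syn", "ack"}, "tos": 0x60}
```

The BARE_ACK packet matches rule 10 although the model holds no connection state, which is the practical meaning of the established definition above: the rule checks header bits and does not confirm that a handshake took place.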
