Cisco AP775A - Nexus Converged Network Switch 5010 Command Reference Manual page 367

Cisco nexus 5000 series command reference, release 4.1(3)n1(1) (ol-16599-01, august 2009)
Chapter 6
Security Commands
Send comments to nx5000-docfeedback@cisco.com
operator port [port]
(Optional; TCP and UDP only) Rule matches only packets that are from a source port or sent to a destination port that satisfies the conditions of the operator and port arguments. Whether these arguments apply to a source port or a destination port depends upon whether you specify them after the source argument or after the destination argument.
The port argument can be the name or the number of a TCP or UDP port. Valid numbers are integers from 0 to 65535. For listings of valid port names, see "TCP Port Names" and "UDP Port Names" in the "Usage Guidelines" section.
A second port argument is required only when the operator argument is range.
The operator argument must be one of the following keywords:
eq: Matches only if the port in the packet is equal to the port argument.
gt: Matches only if the port in the packet is greater than the port argument.
lt: Matches only if the port in the packet is less than the port argument.
neq: Matches only if the port in the packet is not equal to the port argument.
range: Requires two port arguments and matches only if the port in the packet is equal to or greater than the first port argument and equal to or less than the second port argument (both bounds are inclusive).

portgroup portgroup
(Optional; TCP and UDP only) Specifies that the rule matches only packets that are from a source port or to a destination port that is a member of the IP port-group object specified by the portgroup argument. Whether the port-group object applies to a source port or a destination port depends upon whether you specify it after the source argument or after the destination argument.
Use the object-group ip port command to create and change IP port-group objects.

flags
(Optional; TCP only) Rule matches only packets that have specific TCP control-bit flags set. The value of the flags argument must be one or more of the following keywords:
ack
fin
psh
rst
syn
urg

established
(Optional; TCP only) Specifies that the rule matches only packets that belong to an established TCP connection. The switch considers TCP packets with the ACK or RST bits set to belong to an established connection. This is a test of the flag bits only; the ACL does not track connection state, so any TCP packet with ACK or RST set matches, including one that was never part of a completed handshake (for example, a crafted ACK-only probe).

Command Default
A newly created IPv4 ACL contains no rules.
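The port operator, flags and established options described above can be modelled to see exactly what each one does and does not check. The following is an added example, not code from the Cisco manual: a small Python evaluator of those rule options against constructed packets. It assumes a subset of the manual's TCP port names (mapped to their IANA numbers), that every flag listed in a rule must be set in the packet, and that the ACL ends with the implicit deny; the ACL, packets and the names PortMatch, Rule, Packet, acl_action and demo are all constructed for this illustration.

```python
"""Added example (not from the Cisco manual): a model of how an NX-OS IPv4 ACL
rule's 'operator port [port]', 'flags' and 'established' options are evaluated
against a packet, showing that 'established' is a flag test, not a state test."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Assumption: a small subset of the names in the manual's "TCP Port Names"
# table; the numeric values are the standard IANA assignments.
PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25,
              "www": 80, "bgp": 179, "https": 443}

TCP_FLAGS = frozenset({"ack", "fin", "psh", "rst", "syn", "urg"})


def resolve_port(token: str) -> int:
    """Accept a port name or a number in 0..65535, as the port argument does."""
    if token in PORT_NAMES:
        return PORT_NAMES[token]
    port = int(token)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {token}")
    return port


@dataclass(frozen=True)
class PortMatch:
    """The 'operator port [port]' clause; only 'range' takes two ports."""
    operator: str
    ports: Tuple[int, ...]

    def matches(self, port: int) -> bool:
        first = self.ports[0]
        if self.operator == "eq":
            return port == first
        if self.operator == "gt":
            return port > first
        if self.operator == "lt":
            return port < first
        if self.operator == "neq":
            return port != first
        if self.operator == "range":
            low, high = self.ports  # both bounds inclusive
            return low <= port <= high
        raise ValueError(f"unknown operator: {self.operator}")


@dataclass(frozen=True)
class Rule:
    action: str                          # "permit" or "deny"
    protocol: str                        # "tcp" or "udp"
    src_port: Optional[PortMatch] = None
    dst_port: Optional[PortMatch] = None
    flags: FrozenSet[str] = frozenset()  # TCP only
    established: bool = False            # TCP only


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_port: int
    dst_port: int
    flags: FrozenSet[str] = frozenset()


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol != pkt.protocol:
        return False
    if rule.src_port and not rule.src_port.matches(pkt.src_port):
        return False
    if rule.dst_port and not rule.dst_port.matches(pkt.dst_port):
        return False
    # Assumption: every flag listed in the rule must be set in the packet.
    if rule.flags and not rule.flags <= pkt.flags:
        return False
    # 'established' is purely a bit test: ACK or RST set, no state lookup.
    if rule.established and not (pkt.flags & {"ack", "rst"}):
        return False
    return True


def acl_action(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; an NX-OS IPv4 ACL ends with an implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed inbound ACL: allow SSH in, allow replies to outbound
# connections via 'established', deny everything else.
INBOUND = [
    Rule("permit", "tcp", dst_port=PortMatch("eq", (resolve_port("ssh"),))),
    Rule("permit", "tcp", established=True),
    Rule("deny", "tcp"),
]

# Constructed packets: a new connection attempt, a legitimate reply, and a
# probe that sets ACK without any handshake having taken place.
SYN_TO_HTTPS = Packet("tcp", 40000, 443, frozenset({"syn"}))
REPLY_FROM_HTTPS = Packet("tcp", 443, 40000, frozenset({"syn", "ack"}))
ACK_PROBE_TO_HTTPS = Packet("tcp", 40000, 443, frozenset({"ack"}))


def demo() -> dict:
    return {
        "syn_in": acl_action(INBOUND, SYN_TO_HTTPS),            # deny
        "reply_in": acl_action(INBOUND, REPLY_FROM_HTTPS),      # permit
        "ack_probe_in": acl_action(INBOUND, ACK_PROBE_TO_HTTPS),  # permit
    }


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

The last result is the point of the example: the ACK-only probe is permitted by the established rule even though no connection exists, because the switch only inspects the ACK and RST bits. Where return traffic must be admitted without that exposure, a stateful firewall or reflexive filtering is needed; the established keyword alone cannot provide it.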
Cisco Nexus 5000 Series Command Reference, deny (IPv4), page 6-19