NETGEAR ProSAFE M7100-24X Reference Manual page 257

ProSAFE M7100 Managed Switches
Parameter
flag
+fin or -fin
+syn or -syn
+rst or -rst
+psh or -psh
+ack or -ack
+urg or -urg
established
icmp-type and icmp-code, or
icmp-message
fragments
precedence, tos and tosmask, or dscp
time range
log
assign-queue
Description
Note:
This option is available only if the protocolkey is tcp.
Specifies that the IP ACL rule must match one or more flags.
If the flag name is preceded by a plus (for example, +fin), a match
occurs if the specified flag is set in the TCP header.
If the flag name is preceded by a minus (for example, -fin), a match
occurs if the specified flag is not set in the TCP header.
Enter the optional established keyword to specify that a match must
occur if either the RST or ACK bits are set in the TCP header.
Note:
This option is available only if the protocolkey is icmp.
Specifies a match condition for ICMP packets.
Either specify the ICMP type and optional ICMP code, or specify the
ICMP message.
• icmp-type. The IP ACL rule matches on the specified ICMP message
type. Specify the icmp-type keyword and enter a number from 0 to
255.
• icmp-code. The IP ACL rule matches on the specified ICMP message
code. Specify the icmp-code keyword and enter a number from 0 to
255.
• icmp-message. This selection enables both the ICMP type and ICMP
code. Specify the icmp-message keyword and enter one of the
following message options:
- echo, echo-reply, host-redirect, mobile-redirect, net-redirect,
net-unreachable, redirect, packet-too-big, port-unreachable,
source-quench, router-solicitation, router-advertisement,
time-exceeded, or ttl-exceeded and unreachable.
The ICMP message option is decoded into the corresponding ICMP
type and ICMP code within that ICMP type.
Specifies that IP ACL rule matches on fragmented IP packets.
Specifies the ToS for an IP ACL rule, depending on a match of the
precedence value, ToS value with optional ToS mask, or DSCP value.
You must specify the keyword and a value, for example, precedence 7.
Lets you impose a time limitation on the ACL rule as defined by the
time-range-name parameter, which is a name that you have defined
with the time-range command.
If a time range with the specified name exists and the ACL that contains
the rule is applied to an interface or bound to a VLAN, the ACL rule is
applied when the time range becomes active. The ACL rule is removed
when the time range with specified name becomes inactive.
If a time range with the specified name does not exist and the ACL the
rule is applied to an interface or bound to a VLAN, the ACL rule is
applied immediately.
Specifies that this rule must be logged.
Specifies the assign queue, which is the queue identifier (queue-id) to
which packets that match this rule are assigned.
The value of the queue identifier (queue-id) is 0-(n-1), in which n is
the number of user-configurable queues on the switch.
Quality of Service (QoS) Commands
257