Foundry Networks Switch and Router Installation And Configuration Manual page 1016

Foundry Switch and Router Installation and Configuration Guide
• established – This operator applies only to TCP packets. If you use this operator, the policy applies to TCP
packets that have the ACK (Acknowledgment) or RST (Reset) bits set on (set to "1") in the Control Bits field of
the TCP packet header. Thus, the policy applies only to established TCP sessions, not to new sessions. See
Section 3.1, "Header Format", in RFC 793 for information about this field.
The log parameter applies only to deny policies. This parameter generates a Syslog entry for packets that are
denied by the policy. See the "show logging" section of the "Show Commands" chapter in the Foundry Switch and
Router Command Line Interface Reference for a description of how the timer for the entries works. Layer 2 MAC
filters and IP access policies use the same timer, whereas Access Control Lists (ACLs) use a separate timer, but
the timers work the same way. Thus, the description of how the ACL timer works also applies to the Layer 2 MAC
filters and IP access policies.
NOTE: You can enable logging on ACLs and filters that support logging even when the ACLs and filters are
already in use. To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or
filter. The software replaces the ACL or filter command with the new one. The new ACL or filter, with logging
enabled, takes effect immediately.
Figure 26.2 and Figure 26.3 on page C-14 show the CLI syntax for configuring an IP access policy.
C - 12 December 2000