NETGEAR M6100 Series Reference Manual page 1041
Hide thumbs
Also See for M6100 Series:
- Hardware installation manual (76 pages) ,
- Software setup manual (34 pages) ,
- Installation manual (20 pages)
Table of Contents
Advertisement
Table 17. IP ACL command parameters (continued)
Parameter
flag [+fin | -fin] [+syn | -syn] [+rst |
-rst] [+psh | -psh] [+ack | -ack] [+urg
| -urg] [established]
[icmp-type icmp-type [icmp-code
icmp-code] | icmp-message icmp-message]
igmp-type igmp-type
fragments
log
time-range time-range-name
assign-queue queue-id
M6100 Series Switches
Description
Specifies that the IP ACL rule matches on the tcp flags.
When +<tcpflagname> is specified, a match occurs if specified
<tcpflagname> flag is set in the TCP header.
When -<tcpflagname> is specified, a match occurs if specified
<tcpflagname> flag is NOT set in the TCP header.
When established is specified, a match occurs if either the
specified RST or ACK bits are set in the TCP header. Two rules
are installed in hardware to when the established option is
specified.
This option is available only if protocol is tcp.
Note:
This option is available only if the protocol is ICMP.
Specifies a match condition for ICMP packets.
When icmp-type is specified, IP ACL rule matches on the
specified ICMP message type, a number from 0 to 255.
When icmp-code is specified, IP ACL rule matches on the
specified ICMP message code, a number from 0 to 255.
Specifying icmp-message implies both icmp-type and
icmp-code are specified. The following icmp-message options
are supported: echo, echo-reply, host-redirect,
mobile-redirect, net-redirect, net-unreachable,
redirect, packet-too-big, port-unreachable,
source-quench, router-solicitation,
router-advertisement, time-exceeded, ttl-exceeded,
and unreachable.
The ICMP message is decoded into corresponding ICMP type
and ICMP code within that ICMP type.
Note:
This option is visible only if the protocol is IGMP.
When igmp-type is specified, the IP ACL rule matches on the
specified IGMP message type, a number from 0 to 255.
Specifies that the IP ACL rule matches on noninitial fragmented
packets where the fragment extension header contains a nonzero
fragment offset. The fragments keyword is an option only if the
protocol is ipv6 and the operator port-number arguments are not
specified.
Specifies that this rule is to be logged.
Allows imposing a time limitation on the ACL rule as defined by
the parameter time-range-name. If a time range with the
specified name does not exist and the ACL containing this ACL
rule is applied to an interface or bound to a VLAN, the ACL rule is
applied immediately. If a time range with specified name exists
and the ACL containing this ACL rule is applied to an interface or
bound to a VLAN, the ACL rule is applied when the time-range
with specified name becomes active. The ACL rule is removed
when the time-range with specified name becomes inactive.
Specifies the assign-queue, which is the queue identifier to which
packets matching this rule are assigned.
Quality of Service Commands
1041
Advertisement
Chapters
Table of Contents
