By default, 10 ACL logs are generated if you do not specify the threshold explicitly.
The default frequency at which ACL logs are generated is five minutes. By default,
flow-based monitoring is not enabled.
The monitor option is relevant in the context of flow-based monitoring only. For
more information, refer to
permit tcp
To pass TCP packets meeting the filter criteria, configure a filter.
Z9500
Syntax
permit tcp {source mask | any | host ip-address} [bit]
[operator port [port]] {destination mask | any | host ip-
address} [bit] [dscp] [operator port [port]] [count [bytes]]
[log] [order] [monitor] [fragments]
To remove this filter, you have two choices:
•
•
Parameters
source
mask
any
host ip-address
bit
252
NOTE: When ACL logging and byte counters are configured simultaneously,
byte counters may display an incorrect value. Configure packet counters with
logging instead.
Use the no seq sequence-number command if you know the filter's
sequence number.
Use the no permit tcp {source mask | any | host ip-address}
{destination mask | any | host ip-address} command.
Enter the IP address of the network or host from which the
packets were sent.
Enter a network mask in /prefix format (/x) or A.B.C.D. The
mask, when specified in A.B.C.D format, may be either
contiguous or non-contiguous.
Enter the keyword any to specify that all routes are subject
to the filter.
Enter the keyword host then the IP address to specify a host
IP address.
Enter a flag or combination of bits:
•
ack: acknowledgement field
•
fin: finish (no more data from the user)
•
psh: push function
•
rst: reset the connection
•
syn: synchronize sequence numbers
•
urg: urgent field
Port
Monitoring.
Access Control Lists (ACL)