NOTE: For more information, refer to the Flow-based Monitoring section in the Port Monitoring chapter of the FTOS Configuration Guide.
fragments   Enter the keyword fragments to use ACLs to control packet fragments.
no-drop     Enter the keyword no-drop to match only the forwarded packets.
Defaults
Not configured.
Command Modes
CONFIGURATION-STANDARD-ACCESS-LIST
Command History
Version     Description
9.11(2.0)   Added the type parameter to filter the ICMP packets based on the type and code on the S6000, S6000–ON, S6100–ON, Z9100–ON.
9.8(1.0)    Introduced on the Z9100–ON.
9.8(0.0)    Added the no-drop parameter.
9.2(1.0)    Introduced on the Z9500.
8.3.19.0    Introduced on the S4820T.
8.3.11.1    Introduced on the Z9000.
8.3.7.0     Introduced on the S4810.
8.3.1.0     Added the keyword dscp.
8.2.1.0     Allows ACL control of fragmented packets for IP (Layer 3) ACLs.
8.1.1.0     Introduced on the E-Series ExaScale.
7.4.1.0     Added support for noncontiguous mask and added the monitor option.
6.5.10      Expanded to include the optional QoS order priority for the ACL entry.
Usage Information
The order option is relevant in the context of the Policy QoS feature only. For more information, refer to the Quality of Service chapter of the FTOS Configuration Guide.
When you use the log option, the CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details.
The monitor option is relevant in the context of flow-based monitoring only. For more information, refer to .
NOTE: When ACL logging and byte counters are configured simultaneously, byte counters may display an incorrect value. Configure packet counters with logging instead.
permit tcp
To pass TCP packets meeting the filter criteria, configure a filter.
Syntax
permit tcp {source mask | any | host ip-address} [bit] [operator port [port]] {destination mask | any | host ip-address} [bit] [dscp] [operator port [port]] [count [byte] [order] [fragments] [monitor [session-ID]] [no-drop]