620 Configuring Access Control Lists
– This option is visible only if the protocol is tcp.
– Ack – Acknowledgement bit
– Fin – Finished bit
– Psh – Push bit
– Rst – Reset bit
– Syn – Synchronize bit
– Urg – Urgent bit
• [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]—Specifies a match condition for ICMP packets.
– When icmp-type is specified, the IP ACL rule matches on the specified ICMP message type, a number from 0 to 255.
– When icmp-code is specified, the IP ACL rule matches on the specified ICMP message code, a number from 0 to 255.
– Specifying icmp-message implies that both icmp-type and icmp-code are specified.
– The ICMP message is decoded into the corresponding ICMP type and ICMP code within that ICMP type. This option is visible only if the protocol is “icmpv6”.
– ICMPv6 message types: destination-unreachable, echo-reply, echo-request, header, hop-limit, mld-query, mld-reduction, mld-report, nd-na, nd-ns, next-header, no-admin, no-route, packet-too-big, port-unreachable, router-solicitation, router-advertisement, router-renumbering, time-exceeded, unreachable
– The icmpv6 message types are available only if the protocol is icmpv6.
• fragments—Specifies that the rule matches packets that are non-initial fragments (fragment bit asserted). Not valid for rules that match L4 information such as TCP port number, since that information is carried in the initial packet. IPv6 fragments contain an IPv6 Fragment extension header.
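The matching behaviour described above, modelled in Python as an added example (not code from this manual or from the switch software): it shows why a rule with an ICMP condition cannot match a non-initial IPv6 fragment, while a fragments rule matches only those. The rule dictionaries, the helper names and the name-to-number table (RFC 4443 / RFC 4861 values) are assumptions, and only a Fragment header placed directly after the base IPv6 header is handled.

```python
import struct

# Subset of the message names listed above -> (type, code). Numbers are the
# RFC 4443 / RFC 4861 values; how the switch decodes each name is an assumption.
ICMPV6_MESSAGES = {
    "no-route": (1, 0), "port-unreachable": (1, 4), "packet-too-big": (2, 0),
    "echo-request": (128, 0), "echo-reply": (129, 0),
    "nd-ns": (135, 0), "nd-na": (136, 0),
}

def classify(packet):
    """Return (non_initial_fragment, icmp_type, icmp_code) for a raw IPv6 packet.
    Simplification: only a Fragment header right after the base header is handled."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, pos = packet[6], 40
    if next_header == 44:                      # IPv6 Fragment extension header
        if len(packet) < pos + 8:
            raise ValueError("truncated Fragment header")
        next_header = packet[pos]
        offset = struct.unpack_from("!H", packet, pos + 2)[0] >> 3
        pos += 8
        if offset:                             # non-initial: no L4 header present
            return True, None, None
    if next_header == 58 and len(packet) >= pos + 2:   # ICMPv6
        return False, packet[pos], packet[pos + 1]
    return False, None, None

def rule_matches(rule, packet):
    """Evaluate one hypothetical rule dict against a packet."""
    non_initial, icmp_type, icmp_code = classify(packet)
    if rule.get("fragments"):
        return non_initial
    if "icmp-message" in rule:                 # implies both type and code
        want_type, want_code = ICMPV6_MESSAGES[rule["icmp-message"]]
    else:
        want_type, want_code = rule.get("icmp-type"), rule.get("icmp-code")
    if want_type is None:
        return True                            # no ICMP condition on the rule
    return icmp_type == want_type and want_code in (None, icmp_code)

# Constructed sample packets (zeroed addresses, checksums not computed).
def ipv6(next_header, payload):
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + bytes(32) + payload
def frag(next_header, offset, more):
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | more, 0x1234)

ECHO = ipv6(58, bytes([128, 0, 0, 0, 0, 1, 0, 1]))
FIRST_FRAG = ipv6(44, frag(58, 0, 1) + bytes([128, 0, 0, 0, 0, 1, 0, 1]))
LATER_FRAG = ipv6(44, frag(58, 185, 0) + b"\x00" * 8)
```

In this model, the later fragment of an echo request is invisible to an icmp-message rule, so a policy that filters ICMPv6 by type needs its own decision for non-initial fragments.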
Command Purpose