dscp dscp-name
no dscp
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a DiffServ Code Point (DSCP) name to be used as an IP filter match criterion.
The no form of this command removes the DSCP match criterion.
no dscp
Specifies a dscp name that has been previously mapped to a value using the dscp-name command. The DiffServ code point may only be specified by its name.
dst-ip {ip-address/mask | ip-address ipv4-address-mask}
no dst-ip
config>filter>ip-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a destination IP address range to be used as an IP filter match criterion.
To match on the destination IP address, specify the address and its associated mask, for example, 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 may also be used.
The no form of this command removes the destination IPv4 address match criterion.
none
Specifies the IP prefix for the IP match criterion in dotted-decimal notation.
Specifies the subnet mask length expressed as a decimal integer.
Specifies any mask expressed in dotted quad notation.
dst-ip {ipv6-address/prefix-length}
no dst-ip
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a destination IPv6 address range to be used as an IP filter match criterion.
To match on the destination IPv6 address, specify the address and its associated mask.
The no form of this command removes the destination IPv6 address match criterion.
none
Specifies the IPv6 prefix for the IP match criterion in hex digits.
Specifies the IPv6 prefix length for the IPv6 address as a decimal integer.
dst-port {eq} dst-port-number
no dst-port
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a destination TCP or UDP port number for an IP filter match criterion.
An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the L4 information.
The no form of this command removes the destination port match criterion.
none
Specifies the destination port number to be used as a match criteria expressed as a decimal integer.
eh-present {true | false}
no eh-present
config>filter>ipv6-filter>entry>match
7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C
This command allows the user to specify if the presence of the IPv6 extension header should be used to match an IPv6 packet.
The no form of this command removes the match criterion.
no eh-present
Specifies to match an IPv6 packet with an extension header.
Specifies to match an IPv6 packet without an extension header.
fragment {true | false}
no fragment
config>filter>ip-filter>entry>match
7210 SAS-Dxp, 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C
This command configures fragmented or non-fragmented IPv4 packets as IP filter match criteria.
An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the L4 information.
The no form of this command removes the match criterion.
no fragment
Specifies to match on all fragmented IPv4 packets. A match will occur for all packets that have either the more fragment (MF) bit set or have the Fragment Offset field of the IPv4 header set to a non-zero value.
Specifies to match on all non-fragmented IPv4 packets. Non-fragmented IPv4 packets are packets that have the MF bit set to zero and have the Fragment Offset field also set to zero.
fragment {true | false | first-only | non-first-only}
no fragment
config>filter>ipv6-filter>entry>match
7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C
This command configures fragmented or non-fragmented IPv6 packets as IP filter match criteria.
An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the L4 information.
The no form of this command removes the match criterion.
no fragment
Specifies to match on all fragmented IPv6 packets. A match will occur for all packets that have either the more fragment (MF) bit set or have the Fragment Offset field of the IPv6 header set to a non-zero value.
Specifies to match on all non-fragmented IPv6 packets. Non-fragmented IPv6 packets are packets that have the MF bit set to zero and have the Fragment Offset field also set to zero.
Specifies to match if a packet is an initial fragment of a fragmented IPv6 packet.
Specifies to match if a packet is a non-initial fragment of a fragmented IPv6 packet.
icmp-code icmp-code
no icmp-code
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching on the ICMP code field in the ICMP header of an IP packet as a filter match criterion.
An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the L4 information.
For an IPv4 filter, this command applies only if the protocol match criterion specifies ICMP (1).
For an IPv6 filter, this command applies only if the next header match criterion specifies ipv6-icmp (58).
The no form of this command removes the criterion from the match entry.
no icmp-code
Specifies the ICMP code values that must be present to match.
Specifies the ICMP code number in decimal, hexidecimal, or binary, to be used as a match criterion.
Specifies the ICMP code keyword to be used as a match criterion.
icmp-type icmp-type
no icmp-type
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching on the ICMP type field in the ICMP header of an IP packet as a filter match criterion.
An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the L4 information.
For an IPv4 filter, this command applies only if the protocol match criterion specifies ICMP (1).
For an IPv6 filter, this command applies only if the next header match criterion specifies ipv6-icmp (58).
The no form of this command removes the criterion from the match entry.
no icmp-type
Specifies the ICMP type values that must be present to match.
Specifies the ICMP type number in decimal, hexidecimal, or binary, to be used as a match criterion.
Specifies the ICMP type keyword to be used as a match criterion.
option-present {true | false}
no option-present
config>filter>ip-filter>entry>match
Supported on all 7210 SAS platforms as described in this document.
This command configures matching packets that contain the option field in the IP header as an IP filter match criterion.
The no form of this command removes the checking of the option field in the IP header as a match criterion.
Specifies matching on all IP packets that contain the option field in the header. A match will occur for all packets that have the option field present.
Specifies matching on IP packets that do not have any option field present in the IP header.
src-ip {ip-address/mask | ip-address ipv4-address-mask}
no src-ip
config>filter>ip-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a source IPv4 address range to be used as an IP filter match criterion.
To match on the source IPv4 address, specify the address and its associated mask, for example, 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 may also be used.
The no form of this command removes the source IPv4 address match criterion.
no src-ip
Specifies the IPv4 prefix for the IP match criterion in dotted-decimal notation.
Specifies the subnet mask length, expressed as a decimal integer.
Specifies any mask, expressed in dotted quad notation.
src-ip {ipv6-address/prefix-length}
no src-ip
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a source IPv6 address range to be used as an IP filter match criterion.
To match on the source IPv6 address, specify the address and its associated mask.
If the filter is created to match 64-bit address, the IPv6 address specified for the match must contain only the first 64-bits (that is, the first four 16-bit groups of the IPv6 address).
The no form of this command removes the source IPv6 address match criterion.
no src-ip
Specifies the IPv6 prefix for the IP match criterion in hex digits.
Specifies the IPv6 prefix length for the IPv6 address as a decimal integer.
src-port {eq} src-port-number
no src-port
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a source TCP or UDP port number for an IP filter match criterion.
An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the L4 information.
The no form of this command removes the source port match criterion.
no src-port
Specifies the source port number to be used as a match criteria, expressed as a decimal integer.
tcp-ack {true | false}
no tcp-ack
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching on the ACK bit being set or reset in the control bits of the TCP header of an IP packet as an IP filter match criterion.
An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the L4 information.
The no form of this command removes the criterion from the match entry.
no tcp-ack
Specifies matching on IP packets that have the ACK bit set in the control bits of the TCP header of an IP packet.
Specifies matching on IP packets that do not have the ACK bit set in the control bits of the TCP header of the IP packet.
tcp-syn {true | false}
no tcp-syn
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching on the SYN bit being set or reset in the control bits of the TCP header of an IP packet as an IP filter match criterion.
The SYN bit is normally set when the source of the packet needs to initiate a TCP session with the specified destination IP address.
An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the L4 information.
The no form of this command removes the criterion from the match entry.
no tcp-syn
Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP header.
Specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header.