dscp dscp-name
no dscp
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a DiffServ Code Point (DSCP) name to be used as an IP filter match criterion.
The no form of this command removes the DSCP match criterion.
no dscp
Specifies a dscp name that has been previously mapped to a value using the dscp-name command. The DiffServ code point may only be specified by its name.
dst-ip {ip-address/mask | ip-address ipv4-address-mask}
no dst-ip
config>filter>ip-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a destination IPv4 address range to be used as an IP filter match criterion.
To match on the destination IPv4 address, specify the address and its associated mask, such as 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 may also be used.
The no form of this command removes the destination IPv4 address match criterion.
none
Specifies the IPv4 prefix for the IP match criterion in dotted decimal notation.
Specifies the subnet mask length expressed as a decimal integer.
Specifies any mask expressed in dotted quad notation.
dst-ip {ipv6-address/prefix-length}
no dst-ip
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a destination IPv6 address range to be used as an IP filter match criterion.
To match on the destination IPv6 address, specify the address and its associated mask.
The no form of this command removes the destination IPv6 address match criterion.
none
Specifies the IPv6 prefix for the IP match criterion in hex digits.
Specifies the IPv6 prefix length for the IPv6 address as a decimal integer.
dst-port {eq} dst-port-number
no dst-port
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a destination TCP or UDP port number for an IP filter match criterion. An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet since only the first fragment contains the L4 information.
The no form of this command removes the destination port match criterion.
Specifies the operator to use relative to dst-port-number for specifying the port number match criteria. The eq keyword specifies that dst-port-number must be an exact match.
Specifies the destination port number to be used as a match criteria expressed as a decimal integer.
fragment {true | false}
no fragment
config>filter>ip-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures fragmented or non-fragmented IP packets as an IP filter match criterion. An entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information.
The no form of this command removes the match criterion.
no fragment
Specifies a match on all fragmented IP packets. A match will occur for all packets that have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value.
Specifies a match on all non-fragmented IP packets. Non-fragmented IP packets are packets that have the MF bit set to zero and have the Fragment Offset field also set to zero.
icmp-code icmp-code
no icmp-code
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching on ICMP code field in the ICMP header of an IP packet as a filter match criterion. An entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information.
This option is only meaningful if the protocol match criteria specifies ICMP (1).
The no form of this command removes the criterion from the match entry.
no icmp-code
Specifies the ICMP code values that must be present to match.
icmp-type icmp-type
no icmp-type
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching on the ICMP type field in the ICMP header of an IP or packet as a filter match criterion. An entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information.
This option is only meaningful if the protocol match criteria specifies ICMP (1).
The no form of this command removes the criterion from the match entry.
no icmp-type
Specifies the ICMP type values that must be present to match.
option-present {true | false}
no option-present
config>filter>ip-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching packets that contain the option field or have an option field of zero in the IP header as an IP filter match criterion.
The no form of this command removes the checking of the option field in the IP header as a match criterion.
Specifies matching on all IP packets that contain the option field in the header. A match will occur for all packets that have the option field present. An option field of zero is considered as no option present.
Specifies matching on IP packets that do not have any option field present in the IP header. (an option field of zero). An option field of zero is considered as no option present.
src-ip {ip-address/mask | ip-address ipv4-address-mask}
no src-ip
config>filter>ip-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a source IPv4 address range to be used as an IP filter match criterion.
To match on the source IPv4 address, specify the address and its associated mask, for example, 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 may also be used.
The no form of this command removes the source IPv4 address match criterion.
no src-ip
Specifies the IPv4 prefix for the IP match criterion in dotted decimal notation.
Specifies the subnet mask length, expressed as a decimal integer.
Specifies any mask, expressed in dotted quad notation.
src-ip {ipv6-address/prefix-length}
no src-ip
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a source IPv6 address range to be used as an IP filter match criterion.
To match on the source IPv6 address, specify the address and its associated mask.
If the filter is created to match 64-bit address, the IPv6 address specified for the match must contain only the first 64-bits (that is, the first four 16-bit groups of the IPv6 address).
The no form of this command removes the source IPv6 address match criterion.
no src-ip
Specifies the IPv6 prefix for the IP match criterion in hex digits.
Specifies the IPv6 prefix length for the IPv6 address as a decimal integer.
src-port {eq} src-port-number
no src-port
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures a source TCP or UDP port number for an IP filter match criterion. An entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information.
The no form of this command removes the source port match criterion.
no src-port
Specifies the operator to use relative to src-port-number for specifying the port number match criteria. The eq keyword specifies that src-port-number must be an exact match.
Specifies the source port number to be used as a match criteria expressed as a decimal integer.
tcp-ack {true | false}
no tcp-ack
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching on the ACK bit being set or reset in the control bits of the TCP header of an IP packet as an IP filter match criterion. An entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information.
The no form of this command removes the criterion from the match entry.
no tcp-ack
Specifies matching on IP packets that have the ACK bit set in the control bits of the TCP header of an IP packet.
Specifies matching on IP packets that do not have the ACK bit set in the control bits of the TCP header of the IP packet.
tcp-syn {true | false}
no tcp-syn
config>filter>ip-filter>entry>match
config>filter>ipv6-filter>entry>match
Supported on all 7210 SAS platforms as described in this document
This command configures matching on the SYN bit being set or reset in the control bits of the TCP header of an IP packet as an IP filter match criterion. An entry containing L4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet since only the first fragment contains the L4 information.
The SYN bit is normally set when the source of the packet needs to initiate a TCP session with the specified destination IP address.
The no form of this command removes the criterion from the match entry.
no tcp-syn
Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP header.
Specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header.