HP Cisco MDS 9216A Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2 - Page 362
deny (IPv6)
Chapter 6 Security Commands

log
(Optional) Specifies that the device generates an informational logging message about each packet that matches the rule. The message includes the following information:
• ACL name
• Whether the packet was permitted or denied
• Whether the protocol was TCP, UDP, ICMP or a number
• Source and destination addresses and, if applicable, source and destination port numbers

time-range time-range-name
(Optional) Specifies the time range that applies to this rule. You can configure a time range by using the time-range command.

icmp-message
(ICMP only: Optional) ICMPv6 message type that the rule matches. This argument can be an integer from 0 to 255 or one of the keywords listed under "ICMPv6 Message Types" in the "Usage Guidelines" section.

operator port [port]
(Optional; TCP, UDP, and SCTP only) Rule matches only packets that are from a source port or sent to a destination port that satisfies the conditions of the operator and port arguments. Whether these arguments apply to a source port or a destination port depends upon whether you specify them after the source argument or after the destination argument.

The port argument can be the name or the number of a TCP or UDP port. Valid numbers are integers from 0 to 65535. For listings of valid port names, see "TCP Port Names" and "UDP Port Names" in the "Usage Guidelines" section.

A second port argument is required only when the operator argument is a range. The operator argument must be one of the following keywords:
• eq: Matches only if the port in the packet is equal to the port argument.
• gt: Matches only if the port in the packet is greater than the port argument.
• lt: Matches only if the port in the packet is less than the port argument.
• neq: Matches only if the port in the packet is not equal to the port argument.
• range: Requires two port arguments and matches only if the port in the packet is equal to or greater than the first port argument and equal to or less than the second port argument.

portgroup portgroup
(Optional; TCP, UDP, and SCTP only) Specifies that the rule matches only packets that are from a source port or to a destination port that is a member of the IP port-group object specified by the portgroup argument. Whether the port-group object applies to a source port or a destination port depends upon whether you specify it after the source argument or after the destination argument. Use the object-group ip port command to create and change IP port-group objects.

6-28 Cisco Nexus 5000 Series Command Reference OL-16599-01
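The operator and port semantics described above, as an added example that is not part of the Cisco manual: a Python evaluator for numeric port clauses that also counts how many ports a clause can match, so a deny rule whose clause matches nothing (such as a range with its bounds reversed) is caught when rules are reviewed. The function names are hypothetical, port names and portgroup objects are not handled, and whether the device itself rejects such input is not stated on this page.

```python
# Added example, not from the Cisco manual. Function names are hypothetical.
# Implements only the numeric "operator port [port]" semantics documented above;
# TCP/UDP port names and portgroup objects are not handled.
import operator as _op

PORT_MIN, PORT_MAX = 0, 65535
# Single-port operator keyword -> comparison applied as (packet_port, port).
SINGLE = {"eq": _op.eq, "gt": _op.gt, "lt": _op.lt, "neq": _op.ne}


def compile_port_clause(clause):
    """Turn 'eq 443' or 'range 1024 2048' into a predicate on a packet port."""
    tokens = clause.split()
    if not tokens or (tokens[0] not in SINGLE and tokens[0] != "range"):
        raise ValueError(f"unknown operator in {clause!r}")
    keyword, args = tokens[0], tokens[1:]
    expected = 2 if keyword == "range" else 1  # second port only for range
    if len(args) != expected:
        raise ValueError(f"{keyword} takes {expected} port argument(s)")
    ports = []
    for arg in args:
        if not (arg.isascii() and arg.isdigit()) or int(arg) > PORT_MAX:
            raise ValueError(f"port {arg!r} is not an integer from 0 to 65535")
        ports.append(int(arg))
    if keyword == "range":
        low, high = ports
        return lambda p: low <= p <= high  # inclusive at both ends
    return lambda p: SINGLE[keyword](p, ports[0])


def port_matches(clause, packet_port):
    """True if packet_port satisfies the clause."""
    return compile_port_clause(clause)(packet_port)


def matched_port_count(clause):
    """Number of ports in 0..65535 the clause matches; 0 means it never matches."""
    predicate = compile_port_clause(clause)
    return sum(1 for p in range(PORT_MIN, PORT_MAX + 1) if predicate(p))


if __name__ == "__main__":
    # Constructed sample clauses, not taken from any real configuration.
    for sample in ("eq 443", "range 1024 2048", "neq 22", "lt 0", "range 2048 1024"):
        print(f"{sample:18} matches {matched_port_count(sample)} port(s)")
```

A count of 0 marks a clause that can never match under the documented semantics, which for a deny rule means nothing is denied.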