Netgear XSM4324FS CLI Manual Software Version 12.x - Page 974
packet-too-big, port-unreachable
View all Netgear XSM4324FS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 974 highlights
M4300 Intelligent Edge Series Fully Managed Stackable Switches Table 14. IP ACL command parameters (continued) Parameter Description flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established] Specifies that the IP ACL rule matches on the tcp flags. When + is specified, a match occurs if specified flag is set in the TCP header. When - is specified, a match occurs if specified flag is NOT set in the TCP header. When established is specified, a match occurs if either the specified RST or ACK bits are set in the TCP header. Two rules are installed in hardware to when the established option is specified. This option is available only if protocol is tcp. [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message] Note: This option is available only if the protocol is ICMP. Specifies a match condition for ICMP packets. When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255. When icmp-code is specified, IP ACL rule matches on the specified ICMP message code, a number from 0 to 255. Specifying icmp-message implies both icmp-type and icmp-code are specified. The following icmp-message options are supported: echo, echo-reply, host-redirect, mobile-redirect, net-redirect, net-unreachable, redirect, packet-too-big, port-unreachable, source-quench, router-solicitation, router-advertisement, time-exceeded, ttl-exceeded, and unreachable. The ICMP message is decoded into corresponding ICMP type and ICMP code within that ICMP type. igmp-type igmp-type Note: This option is visible only if the protocol is IGMP. When igmp-type is specified, the IP ACL rule matches on the specified IGMP message type, a number from 0 to 255. fragments Specifies that the IP ACL rule matches on noninitial fragmented packets where the fragment extension header contains a nonzero fragment offset. The fragments keyword is an option only if the protocol is ipv6 and the operator port-number arguments are not specified. log Specifies that this rule is to be logged. time-range time-range-name Allows imposing a time limitation on the ACL rule as defined by the parameter time-range-name. If a time range with the specified name does not exist and the ACL containing this ACL rule is applied to an interface or bound to a VLAN, the ACL rule is applied immediately. If a time range with specified name exists and the ACL containing this ACL rule is applied to an interface or bound to a VLAN, the ACL rule is applied when the time-range with specified name becomes active. The ACL rule is removed when the time-range with specified name becomes inactive. Quality of Service Commands 974 CLI Command Reference Manual