24 permit tcp – CANOGA PERKINS CanogaOS Command Reference User Manual
CanogaOS Command Line Reference
Revision 1.02
Proprietary & Confidential Canoga Perkins Metro Ethernet Switches
Page 679 of 855
33.24 permit tcp
Use this command to permit TCP packets matching the IP filter.
Command Syntax
[<1-2147483646>] permit tcp { source source-mask | any | host source } [ src-port operator port ]
{ destination destination-mask | any | host destination } [ dst-port operator port ]
[ ip-precedence precedence | dscp dscp ] [ established | [ match-any | match-all flag-name ] ] [ fragments ]
[ routed-packet ] [ options ] [ time-range time-range-name ] [ stats ]
src-port: source port <0-65535>
dst-port: destination port <0-65535>
operator: including eq (equal to), lt (less than), gt (greater than), neq (not equal to), range
port: the port to be compared <0-65535>
established: match established connections
match-any: match any of the flag-name
match-all: match all the flag-name
flag-name: the flag bit in TCP packets including ack, fin, psh, rst, syn, urg
For other parameters, please refer to the permit command.
Command Mode
IP ACL configuration
Usage
The fragments keyword is invalid when layer 4 information is specified (i.e. src-port).
Examples
This example shows how to create a filter in IP ACL to permit any TCP packets.
Switch(config-ip-acl)#10 permit tcp any any
This example shows how to create a filter in IP ACL to permit the TCP packets with the source IP
address 1.1.1.1 and a source port in the range 0 to 100.
Switch(config-ip-acl)#20 permit tcp host 1.1.1.1 src-port range 0 100 any
This example shows how to create a filter in IP ACL to permit any TCP packets in established TCP
streams.
Switch(config-ip-acl)#30 permit tcp any any established
This example shows how to create a filter in IP ACL to permit the TCP ACK packets with the source IP
address 10.10.10.0.
Switch(config-ip-acl)#4 permit tcp 10.10.10.0 0.0.0.0 any match-any ack
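A pre-deployment check for rules written against this syntax, as an added example that is not part of the CanogaOS manual: the hypothetical helper lint_permit_tcp validates the sequence-number and port ranges, the operator and flag names, and the fragments restriction from the Usage section. It assumes only src-port and dst-port count as layer 4 information, and it does not check ip-precedence, dscp or time-range values, which this page defers to the permit command.

```python
import ipaddress

OPERATORS = {"eq", "lt", "gt", "neq", "range"}
FLAGS = {"ack", "fin", "psh", "rst", "syn", "urg"}
OPTIONS = {"ip-precedence": 1, "dscp": 1, "established": 0, "match-any": 1, "match-all": 1,
           "fragments": 0, "routed-packet": 0, "options": 0, "time-range": 1, "stats": 0}


def lint_permit_tcp(line):
    """Hypothetical helper: list the problems in one 'permit tcp' line ([] = clean)."""
    tok = line.split("#", 1)[-1].split()  # drop a leading CLI prompt, if any
    errs, l4 = [], False
    if tok and tok[0].isdigit() and not 1 <= int(tok.pop(0)) <= 2147483646:
        errs.append("sequence number outside 1-2147483646")
    if tok[:2] != ["permit", "tcp"]:
        return errs + ["not a 'permit tcp' rule"]
    tok = tok[2:]
    for side in ("src", "dst"):
        need = 1 if tok[:1] == ["any"] else 2  # any | host A | A mask
        addr, tok = tok[:need], tok[need:]
        if len(addr) < need:
            errs.append(f"{side}: address missing")
        for a in addr:
            if a not in ("any", "host"):
                try:
                    ipaddress.IPv4Address(a)
                except ValueError:
                    errs.append(f"{side}: bad address or mask {a!r}")
        if tok[:1] == [f"{side}-port"]:
            l4 = True  # assumption: only port clauses count as layer 4 information
            op = tok[1] if len(tok) > 1 else ""
            n = 2 if op == "range" else 1
            ports, tok = tok[2:2 + n], tok[2 + n:]
            if op not in OPERATORS:
                errs.append(f"{side}-port: unknown operator {op!r}")
            if len(ports) < n or not all(p.isdigit() and int(p) <= 65535 for p in ports):
                errs.append(f"{side}-port: port must be in 0-65535")
    while tok:
        kw = tok.pop(0)
        args = [tok.pop(0) for _ in range(min(OPTIONS.get(kw, 0), len(tok)))]
        if kw not in OPTIONS:
            errs.append(f"unknown keyword {kw!r}")
        elif kw in ("match-any", "match-all"):
            if not args or args[0] not in FLAGS:
                errs.append(f"{kw}: expected a TCP flag name, got {args}")
            while tok and tok[0] in FLAGS:  # tolerate several flag names
                tok.pop(0)
        elif kw == "fragments" and l4:
            errs.append("fragments is invalid with src-port/dst-port")
    return errs
```

Run it over every line of a candidate ACL before pasting into the switch; a misspelled keyword such as `establised` is reported as an unknown keyword.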