Cisco Systems 78-15328-01

2-511

Catalyst 6500 Series Switch Command Reference—Release7.6

78-15328-01

Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands set security acl ip

before

editbuffer_index (Optional) Inserts the new ACE in front of another ACE.

modify

editbuffer_index (Optional) Replaces an ACE with the new ACE.

log (Optional) Logs denied packets.

arp Specifies ARP.

redirect Specifies to which switched ports the packet is redirected.

mod_num/port_num Number of the module and port.

adj_name Name of the adjacency table entry.

protocol Keyword or number of an IP protocol; valid numbers are from 0 to

255 representing an IP protocol number. See the “Us age Guid elines”

section for the list of valid keywords.

dest_ip_spec Destination IP address and the destination mask. See the “Usage

Guidelines” section for the format.

precedence

precedence (Optional) Specifies the precedence level; valid values are from 0 to

7 or by name. See the “Usage Guidelines” section for a list of valid

names.

tos tos (Optional) Specifies the type of service level; valid v a lues are from 0

to 15 or by name. See the “Usage Guidelines” section for a list of

valid names.

fragment (Optional) Filters IP traffic that carries fragments.

capture (Optional) Specifies packets are switched normally and captured;

permit must also be enabled.

ip (Optional) Matches any Internet Protocol packet.

icmp | 1(Optional) Matches ICMP packets.

icmp-type (Optional) ICMP message type name or a number; valid values are

from 0 to 255. See the “Usage Guidelines” section for a list of valid

names.

icmp-code (Optional) ICMP message code name or a number; valid values are

from 0 to 255. See the “Usage Guidelines” section for a list of valid

names.

icmp-message (Optional) ICMP message type name or ICMP message type and

code name. See the “Usage Guidelines” section for a list of valid

names.

tcp | 6(Optional) Matches TCP packets.

operator (Optional) Operands; valid values include lt (less than), gt (greater

than), eq (equal), neq (not equal), and range (inclusive range).

port (Optional) Number or name of a TCP or UDP port; valid port

numbers are from 0 to 65535. See the “Usage Guidelines” section for

a list of valid names.

established (Optional) Specifies an established connection; used only for TCP

protocol.

udp | 17 (Optional) Matches UDP packets.

arp-inspection Specifies ARP inspection.

host ip_addr Specifies the host and host’s IP address.

mac_addr Specifies the MAC address.