1 (fin) – Finish

2 (syn) – Synchronize

4 (rst) – Reset

8 (psh) – Push

16 (ack) – Acknowledgement

32 (urg) – Urgent pointer

code-keyword-seq – The following code keywords can be specified, but must follow the indicated sequence: fin syn rst psh ack urg

(The code keyword must be ON if specified and OFF if not specified.)

fragments – The rule only matches packets with the More Fragments (MF) bit set or with a fragment offset greater than zero. If fragments is not set, the rule matches both fragmented and non-fragmented packets.

log – Logs any matching packets in the log buffer. The maximum number of entries stored in the log buffer is 64. When the buffer fills, it wraps around and overwrites the oldest entries. Note that the log is stored in RAM and is lost when the switch is reset.

Default Setting

None

Command Mode

General Configuration

Command Usage

The system default is to stop all IP packets from passing from the down-link ports to the management port (NETMGT). If you need the blades to access the management network through the management port (NETMGT), you must set a filter to permit specific frames to pass from the down-link ports through the management port. Note that traffic is never allowed to pass from the up-link ports to the management port.

A fragment is a packet where MF (more fragments) = 1 or Fragment Offset > 0. If the fragments keyword is absent in a rule, then both fragments and non-fragmented packets will be checked by the rule.

When specifying a code value and mask, the logic is that a packet matches if <value in header> & <mask> == <value> & <mask>. For example, use the code value and mask shown below to catch packets with the following flags set:
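The value-and-mask comparison and the fragments test described above, written out as an added Python example; it is not taken from the manual and is not the switch's own code. The function names, the packet dictionaries and the sample flag values are constructed for illustration, and treating the keyword form as a full six-bit mask is this example's reading of the ON/OFF rule.

```python
# Added illustration; all names are hypothetical, not the switch CLI or firmware.
FLAGS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}
ALL_BITS = 0x3F  # all six code bits

def code_from_keywords(on_keywords):
    """Keyword form: listed keywords must be ON, every other bit must be OFF,
    which is the same as a value compared under a mask of all six bits."""
    value = 0
    for kw in on_keywords:
        value |= FLAGS[kw]
    return value, ALL_BITS

def code_matches(header_flags, value, mask):
    """<value in header> & <mask> == <value> & <mask>.
    Bits outside the mask are ignored in both the packet and the rule."""
    return (header_flags & mask) == (value & mask)

def is_fragment(mf, frag_offset):
    """A fragment has MF = 1 or Fragment Offset > 0."""
    return mf == 1 or frag_offset > 0

def rule_matches(pkt, value, mask, fragments=False):
    """With fragments set, only fragments can match; without it,
    fragments and non-fragmented packets are both checked."""
    if fragments and not is_fragment(pkt["mf"], pkt["frag_offset"]):
        return False
    return code_matches(pkt["flags"], value, mask)

# Constructed sample packets (flags are the sum of the code values above).
SAMPLES = {
    "syn":         {"flags": 2,  "mf": 0, "frag_offset": 0},
    "syn+ack":     {"flags": 18, "mf": 0, "frag_offset": 0},
    "syn+psh":     {"flags": 10, "mf": 0, "frag_offset": 0},
    "syn, MF=1":   {"flags": 2,  "mf": 1, "frag_offset": 0},
}

def evaluate(value, mask, fragments=False):
    """Return the names of the sample packets that the rule matches."""
    return [n for n, p in SAMPLES.items() if rule_matches(p, value, mask, fragments)]

if __name__ == "__main__":
    # value 2, mask 18: syn must be ON, ack must be OFF, other bits ignored.
    print(evaluate(2, 18))
    print(evaluate(2, 18, fragments=True))
    print(evaluate(*code_from_keywords(["syn", "ack"])))
```

With value 2 and mask 18 the rule is indifferent to psh, so a wider mask is needed whenever the unlisted bits must be OFF.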

Chapter 4 Command-Line Reference 4-79

Sunfire B1600 manual General Configuration