group-id
|
Specifies a unique group ID for this filter group.
(For Cisco uBR Series Router) The range is from 1 to 254.
255 is reserved for use by the CMTS router.
(For Cisco cBR Series Router) The range is from 1 to 254.
|
index-num
|
Specifies a unique index for this particular filter. The range is from 1 to 128
on a uBR7200 series router, and 1 to 255 on a uBR10012 router and cBR-8 router.
|
Specify one of the
following options and option-values
|
|
dest-ip
ip-address
|
(Optional) Specifies the destination IP address that should be matched. The
default IP address is 0.0.0.0. (IPv4 filters only)
|
dest-mac-addr
mac-address
|
(Optional) Specifies the destination MAC address that should be matched. Cisco
cBR-8 router does not have this option.
|
dest-mac-mask
mask
|
(Optional) Specifies the mask for the destination MAC address that should be
matched. Cisco cBR-8 router does not have this option.
|
dest-mask
mask
|
(Optional) Specifies the mask for the destination address that should be
matched. The
mask is ANDed
with the IP address specified by the
dest-ip
option and compared to the result of ANDing the
mask with the
packet’s destination IP address. The filter considers it a match if the two
values are the same. (IPv4 filters only)
Note
| The
default mask of 0.0.0.0 matches all IP addresses.
|
|
dest-port
port-number
|
(Optional) Specifies the TCP/UDP destination port number that should be
matched. The range is from 0 to 65535. The default value matches all TCP/UDP
port numbers (IPv4 and IPv6 filters).
|
eth-proto-type
ethernet
protocol
type
|
(Optional) Specifies the Ethernet protocol type number that should be matched.
The range is from 0 to 65536. Cisco cBR-8 router does not have this option.
|
eth-protocol
ethernet
protocol
number
|
(Optional) Specifies the Ethernet protocol that should be matched. The range is
from 0 to 65536. Cisco cBR-8 router does not have this option.
|
ip-proto
proto-type
|
(Optional) Specifies the IP protocol type number that should be matched. The
range is from 0 to 256. The default is 256, which matches all protocols (IPv4
and IPv6 filters).
Some
commonly-used values are:
- 1—ICMP, Internet Control
Message Protocol.
- 2—IGMP, Internet Group
Management Protocol.
- 4—IP in IP encapsulation.
- 6—TCP, Transmission Control Protocol.
- 17—UDP, User Datagram Protocol.
|
ip-tos
tos-mask
tos-value
|
(Optional) Specifies a type of service (TOS) mask and value to be matched (IPv4
and IPv6 filters):
- tos-mask—8-bit value expressed in hexadecimal
notation. The valid range is 0x00 through 0xFF.
- tos-value—8-bit value expressed in hexadecimal
notation. The valid range is 0x00 through 0xFF.
The
tos-mask is
logically ANDed with the
tos-value
and compared to the result of ANDing the
tos-mask
with the packet’s actual TOS value. The filter considers it a match if the two
values are the same.
Note
|
The default values for both parameters matches all ToS values.
|
|
ip-version
|
(Optional) Specifies the IP version of the filter:
- ipv4—Filter
is an IP version 4 filter group (default).
- ipv6—Filter
is an IP version 6 filter group.
|
match-action {accept
|
drop}
|
(Optional) Specifies the action that should be taken for packets that match
this filter (IPv4 and IPv6 filters):
- accept—Packets that match the filter are accepted
(default).
- drop—Packets that match the filter are dropped.
|
range-dest-port
start-port
number
end-port
number
|
(Optional) Specifies the TCP/UDP destination port start range. The range is
from 0 to 65535.
|
range-ip-tos
mask
against
TOS
start
value
and
end
value
|
(Optional) Specifies IP TOS byte range settings expressed in hexadecimal
notation. The range is from 0x00 through 0xFF.
|
range-src-port
start-port
number
end-port
number
|
(Optional) Specifies TCP/UDP source port start range. The range is from 0 to
65535.
|
range-user-pri
low-priority
value
high-priority
value
|
(Optional) Specifies the user priority.The range for priority is from 0 to 8.
The Priority field indicates the frame priority level from 0 (lowest) to 8
(highest), which prioritizes different classes of traffic (such as voice, video
and data). Cisco cBR-8 router does not have this option.
|
src-ip
ip-address
|
(Optional) Specifies the source IP address that should be matched. The default
IP address is 0.0.0.0. (IPv4 filters only)
|
src-mac-addr
mac
address
|
(Optional) Specifies the source MAC address to be matched. Cisco cBR-8 router
does not have this option.
|
src-mask
mask
|
(Optional) Specifies the mask for the source address that should be matched.
The
mask is
ANDed with the IP address specified by the
src-ip
option and compared to the result of ANding the
mask with
the packet’s source IP address. The filter considers it a match if the two
values are the same. (IPv4 filters only)
Note
|
The default mask of 0.0.0.0 matches all IP addresses.
|
|
src-port
port-number
|
(Optional) Specifies the TCP/UDP source port number that should be matched. The
range is from 0 to 65535. The default value matches all TCP/UDP port numbers
(IPv4 and IPv6 filters).
|
status
{active |
inactive}
|
(Optional) Enables or disables the filter (IPv4 and IPv6 filters):
- active—Enables the filter immediately (default).
- inactive
—Disables the filter immediately.
Note
|
You must create a filter group using at least one of the other options before
you can use this command to enable or disable the filter.
|
|
tcp-flags
flags-mask
flags-value
|
(Optional) Specifies the TCP flag mask and value to be matched (IPv4 and IPv6
filters):
- flags-mask—8-bit value expressed in hexadecimal
notation. The valid range is 0x0 through 0x3F.
- flags-value—8-bit value expressed in hexadecimal
notation. The valid range is 0x0 through 0x3F.
|
v6-dest-address
ipv6-address
|
(Optional) Specifies the IPv6 destination address that should be matched using
the format X:X:X:X::X (IPv6 filters only).
|
v6-dest-pfxlen
prefix-length
|
(Optional) Specifies the length of the network portion of the IPv6 destination
address. The range is from 0 to 128 (IPv6 filters only).
|
v6-flow-label
flow-label
value
|
(Optional) Specifies the IPv6 flow label to be used by the source to label
packets of a flow. The range is from 0 to 1048575. A flow label of zero is used
to indicate packets not part of any flow.
|
v6-src-address
ipv6-address
|
(Optional) Specifies the IPv6 source address that should be matched using the
format X:X:X:X::X (IPv6 filters only).
|
v6-src-pfxlen
prefix-length
|
(Optional) Specifies the length of the network portion of the IPv6 source
address. The range is form 0 to 128 (IPv6 filters only).
|
vlan-id
vlan-id
|
(Optional) Specifies the VLAN Identifier to be matched, which is a 12-bit field
specfying the VLAN to which the packet belongs.The range is from 0 to 4094.
Cisco cBR-8 router does not have this option.
|