Table Of Contents

lease

local-ip (IPC transport-SCTP local)

local-port

logging server-arp

manager (DFP agent)

maxconns (server farm)

nat

netbios-name-server

netbios-node-type

network (DHCP)

next-server

no ip gratuitous-arps

object (tracking)

option

origin

password (DFP agent)

permit (IP)

interface ethernet 0

port (DFP agent)

predictor

real

reassign

relay agent information

relay destination

relay source

relay target

relay-information hex

release dhcp

remark

remote-ip (IPC transport-SCTP remote)

remote-port

renew dhcp

retry (real server)

lease

To configure the duration of the lease for an IP address that is assigned from a Cisco IOS Dynamic Host Configuration Protocol (DHCP) server to a DHCP client, use the lease command in DHCP pool configuration mode. To restore the default value, use the no form of this command.

lease {days [hours [minutes]] | infinite}

no lease

Syntax Description

days	Specifies the duration of the lease in numbers of days.
hours	(Optional) Specifies the number of hours in the lease. A days value must be supplied before you can configure an hours value.
minutes	(Optional) Specifies the number of minutes in the lease. A days value and an hours value must be supplied before you can configure a minutes value.
infinite	Specifies that the duration of the lease is unlimited.

Defaults

1 day

Command Modes

DHCP pool configuration

Command History

Release	Modification
12.0(1)T	This command was introduced.

Examples

The following example shows a 1-day lease:

lease 1

The following example shows a 1-hour lease:

lease 0 1

The following example shows a 1-minute lease:

lease 0 0 1

The following example shows an infinite (unlimited) lease:

lease infinite

Related Commands

Command	Description
ip dhcp pool	Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.

local-ip (IPC transport-SCTP local)

To define at least one local IP address that is used to communicate with the local peer, use the local-ip command in IPC transport-SCTP local configuration mode. To remove one or all IP addresses from your configuration, use the no form of this command.

local-ip device-real-ip-address [device-real-ip-address2]

no local-ip device-real-ip-address [device-real-ip-address2]

Syntax Description

device-real-ip-address	IP address of the local device. The local IP addresses must match the remote IP addresses on the peer router. There can be either one or two IP addresses, which must be in global Virtual Routing and Forwarding (VRF). A virtual IP (VIP) address cannot be used.
device-real-ip-address2	(Optional) IP address of the local device.

Defaults

No IP addresses are defined; thus, peers cannot communicate with the local peer.

Command Modes

IPC transport-SCTP local configuration

Command History

Release	Modification
12.3(8)T	This command was introduced.

Usage Guidelines

Use the local-ip command to help associate Stream Control Transmission Protocol (SCTP) as the transport protocol between the local and remote peer.

This command is part of a suite of commands used to configure the Stateful Switchover (SSO) protocol. SSO is necessary for IP Security (IPSec) and Internet Key Exchange (IKE) to learn about the redundancy state of the network and to synchronize their internal application state with their redundant peers.

Examples

The following example shows how to enable SSO:

!

redundancy inter-device

 scheme standby HA-in

!

!

ipc zone default

 association 1

  no shutdown

  protocol sctp

   local-port 5000

    local-ip 10.0.0.1

   remote-port 5000

    remote-ip 10.0.0.2

Related Commands

Command	Description
local-port	Defines the local SCTP port number that is used to communicate with the redundant peer.
remote-ip	Defines at least one remote IP address that is used to communicate with the redundant peer.

local-port

To define the local Stream Control Transmission Protocol (SCTP) port that is used to communicate with the redundant peer, use the local-port command in SCTP protocol configuration mode. .

local-port local-port-number

Syntax Description

local-port-number

Local port number, which should be the same as the remote port number on the peer router (which is specified via the remote-port command).

Defaults

A local SCTP port is not defined.

Command Modes

SCTP protocol configuration

Command History

Release	Modification
12.3(8)T	This command was introduced.

Usage Guidelines

The local-port command enters IPC transport-SCTP local configuration mode, which allows you to specify at least one local IP address (via the local-ip command) that is used to communicate with the redundant peer.

Examples

The following example shows how to enable Stateful Switchover (SSO):

!

redundancy inter-device

 scheme standby HA-in

!

!

ipc zone default

 association 1

  no shutdown

  protocol sctp

   local-port 5000

    local-ip 10.0.0.1

   remote-port 5000

    remote-ip 10.0.0.2

Related Commands

Command	Description
local-ip	Defines at least one local IP address that is used to communicate with the local peer.
remote-port	Defines the remote SCTP that is used to communicate with the redundant peer.

logging server-arp

To enable the sending of Address Resolution Protocol (ARP) requests for syslog server address during system initialization bootup, use the logging server-arp command in global configuration mode. To disable the sending of ARP requests for syslog server addresses, use the no form of this command.

logging server-arp

no logging server-arp

Syntax Description

This command has no arguments or keywords.

Command Default

This command is disabled by default.

Command Modes

Global configuration.

Command History

Release	Modification
12.3	This command was introduced.
12.3(4)T	This command was integrated into Cisco IOS Release 12.3(4)T.
12.3(5)B	This command was integrated into Cisco IOS Release 12.3(5)B.

Usage Guidelines

The logging server-arp global configuration command allows the sending of ARP requests for syslog server address during system initialization bootup.

When this CLI command is configured and saved to the startup configuration file, the system will send an ARP request for remote syslog server address before sending out the first syslog message.

The command should only be used when the remote syslog server is in the same subnet as the system router sending the ARP request.

---

Note Use this command even if a static ARP has been configured with the syslog server address.

---

Examples

The following example shows how to enable an ARP request for syslog server addresses:

Router# configure terminal

Router(config)# logging server-arp

Router(config)# exit

The following example shows how to disable an ARP request for syslog server addresses:

Router# configure terminal

Router(config)# no logging server-arp

Router(config)# exit

Related Commands

Command	Description
arp (global)	Adds a permanent entry in the Address Resolution Protocol (ARP) cache, use the arp command in global configuration mode.

manager (DFP agent)

This command has been replaced by the following commands:

•inservice (DFP agent)

•interval (DFP agent)

•ip dfp agent

•password (DFP agent)

•port (DFP agent)

maxconns (server farm)

To limit the number of active connections to the real server, use the maxconns command in SLB server farm configuration mode. To restore the default of 4294967295, use the no form of this command.

maxconns maximum-number [sticky-override]

no maxconns

Syntax Description

maximum-number	Maximum number of simultaneous active connections on the real server. Valid values range from 1 to 4294967295. The default is 4294967295.
sticky-override	(Optional) Allow sticky load balancing to exceed maximum-number for this real server.

Defaults

The default maximum number of simultaneous active connections on the real server is 4294967295.

Command Modes

SLB server farm configuration

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.1(18)E	The sticky-override keyword was added.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example limits the real server to a maximum of 1000 simultaneous active connections:

Router(config)# ip slb serverfarm PUBLIC

Router(config-slb-sfarm)# real 10.10.1.1

Router(config-slb-real)# maxconns 1000

Related Commands

Command	Description
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb reals	Displays information about the real servers.
show ip slb severfarms	Displays information about the server farm configuration.

nat

To configure IOS SLB Network Address Translation (NAT) and specify a NAT mode, use the nat SLB server farm configuration command. To remove a NAT configuration, use the no form of this command.

nat server

no nat server

Syntax Description

server

Specifies that the destination address in load-balanced packets sent to the real server is the address of the real server chosen by the server farm load-balancing algorithm.

Defaults

No default behavior or values.

Command Modes

SLB server farm configuration

Command History

Release	Modification
12.1(1)E	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Usage Guidelines

The no nat command is allowed only if the virtual server was removed from service with the no inservice command.

Examples

The following example changes to IOS SLB server farm configuration mode and configures NAT mode as server address translation on the server farm named FARM2:

ip slb serverfarm FARM2

 nat server

Related Commands

Command	Description
ip slb serverfarm	Associates a real server farm with a virtual server.
real	Identifies a real server as a member of a server farm.
show ip slb serverfarms	Displays information about the server farm configuration.

netbios-name-server

To configure NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft Dynamic Host Configuration Protocol (DHCP) clients, use the netbios-name-server command in DHCP pool configuration. To remove the NetBIOS name server list, use the no form of this command.

netbios-name-server address [address2...address8]

no netbios-name-server

Syntax Description

address	Specifies the IP address of the NetBIOS WINS name server. One IP address is required, although you can specify up to eight addresses in one command line.
address2...address8	(Optional) Specifies up to eight addresses in the command line.

Command Modes

DHCP pool configuration

Command History

Release	Modification
12.0(1)T	This command was introduced.

Usage Guidelines

One IP address is required, although you can specify up to eight addresses in one command line. Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on).

Examples

The following example specifies the IP address of a NetBIOS name server available to the client:

netbios-name-server 10.12.1.90

Related Commands

Command	Description
dns-server	Specifies the DNS IP servers available to a DHCP client.
domain-name (DHCP)	Specifies the domain name for a DHCP client.
ip dhcp pool	Configures a DHCP address pool on a Cisco IOS DHCP Server and enters DHCP pool configuration mode.
netbios-node-type	Configures the NetBIOS node type for Microsoft DHCP clients.

netbios-node-type

To configure the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol (DHCP) clients, use the netbios-node-type command in DHCP pool configuration mode. To remove the NetBIOS node type, use the no form of this command.

netbios-node-type type

no netbios-node-type

Syntax Description

type	Specifies the NetBIOS node type. Valid types are: •b-node—Broadcast •p-node—Peer-to-peer •m-node—Mixed •h-node—Hybrid (recommended)

Command Modes

DHCP pool configuration

Command History

Release	Modification
12.0(1)T	This command was introduced.

Usage Guidelines

The recommended type is h-node (hybrid).

Examples

The following example specifies the client's NetBIOS type as hybrid:

netbios node-type h-node

Related Commands

Command	Description
ip dhcp pool	Configures a DHCP address pool on a Cisco IOS DHCP Server and enters DHCP pool configuration mode.
netbios name-server	Configures NetBIOS WINS name servers that are available to Microsoft DHCP clients.

network (DHCP)

To configure the subnet number and mask for a Dynamic Host Configuration Protocol (DHCP) address pool on a Cisco IOS DHCP server, use the network command in DHCP pool configuration mode. To remove the subnet number and mask, use the no form of this command.

network network-number [mask | prefix-length]

no network

Syntax Description

network-number	The IP address of the DHCP address pool.
mask	(Optional) The bit combination that renders which portion of the address of the DHCP address pool refers to the network or subnet and which part refers to the host.
prefix-length	(Optional) The number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/).

Defaults

No default behavior or values.

Command Modes

DHCP pool configuration

Command History

Release	Modification
12.0(1)T	This command was introduced.

Usage Guidelines

This command is valid for DHCP subnetwork address pools only. If the mask or prefix length is not specified, the class A, B, or C natural mask is used. The DHCP Server assumes that all host addresses are available. The system administrator can exclude subsets of the address space by using the ip dhcp excluded-address command.

You cannot configure manual bindings within the same pool that is configured with the network command.

Examples

The following example configures 172.16.0.0/16 as the subnetwork number and mask of the DHCP pool:

network 172.16.0.0/16

Related Commands

Command	Description
host	Specifies the IP address and network mask for a manual binding to a DHCP client.
ip dhcp excluded-address	Specifies IP addresses that a Cisco IOS DHCP server should not assign to DHCP clients.
ip dhcp pool	Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.

next-server

To configure the next server in the boot process of a Dynamic Host Configuration Protocol (DHCP) client, use the next-server command in DHCP pool configuration. To remove the boot server list, use the no form of this command.

next-server address [address2...address8]

no next-server address

Syntax Description

address	Specifies the IP address of the next server in the boot process, which is typically a Trivial File Transfer Protocol (TFTP) server. One IP address is required, although you can specify up to eight addresses in one command line.
address2...address8	(Optional) Specifies up to eight addresses in the command line.

Defaults

If the next-server command is not used to configure a boot server list, the DHCP Server uses inbound interface helper addresses as boot servers.

Command Modes

DHCP pool configuration

Command History

Release	Modification
12.0(1)T	This command was introduced.

Usage Guidelines

You can specify up to eight servers in the list. Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on).

Examples

The following example specifies 10.12.1.99 as the IP address of the next server in the boot process:

next-server 10.12.1.99

Related Commands

Command	Description
accounting (DHCP)	Specifies the name of the default boot image for a DHCP client.
ip dhcp pool	Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
ip helper-address	Forwards UDP broadcasts, including BOOTP, received on an interface.
option	Configures Cisco IOS DHCP server options.

no ip gratuitous-arps

To disable the transmission of gratuitous Address Resolution Protocol (ARP) messages for an address in a local pool, use the no ip gratuitous-arps command in global configuration mode.

no ip gratuitous-arps

Syntax Description

This command has no keywords or arguments.

Defaults

Disabled

Command Modes

Global configuration

Command History

Release	Modification
11.3	This command was introduced.

Usage Guidelines

A Cisco router will send out a gratuitous ARP message when a client connects and negotiates an address over a PPP connection. This transmission occurs even when the client receives the address from a local address pool.

Examples

The following example disables gratuitous arp messages from being sent:

no ip gratuitous-arps

object (tracking)

To specify an object for a tracked list, use the object command in tracking configuration mode. To remove the object from the tracked list, use the no form of this command.

object object-number [not] [weight weight-number]

no object object-number [not] [weight weight-number]

Syntax Description

object-number	Object in a tracked list of objects. Range is from 1 to 500.
not	(Optional) Negates the state of an object. Note The not keyword cannot be used in a weight or percentage threshold list only the Boolean list.
weight weight-number	The optional weight keyword specifies a threshold weight for each object.

Defaults

The object is removed from the tracked list.

Command Modes

Tracking configuration

Command History

Release	Modification
12.3(8)T	This command was introduced.

Examples

The following example shows two serial interfaces (objects) that are in tracked list 100. The Boolean "not" negates state of object 2 , which means when object 2 is up, the tracked list regards the object as down.

track 1 interface serial2/0 line-protocol

track 2 interface serial2/1 line-protocol

track 100 list boolean and

 object 1

 object 2 not

Related Commands

Command	Description
show track	Displays tracking information.
track list threshold percentage	Tracks a list of objects as to the up and down object states using a threshold percentage.
track list threshold weight	Tracks a list of objects as to the up and down object states using a threshold weight.
threshold weight	Specifies a threshold weight for a tracked list.

option

To configure Cisco IOS Dynamic Host Configuration Protocol (DHCP) server options, use the option command in DHCP pool configuration mode. To remove the options, use the no form of this command.

option code [instance number] {ascii string | hex string | ip address}

no option code [instance number]

Syntax Description

code	Specifies the DHCP option code.
instance number	(Optional) Specifies a number from 0 to 255.
ascii string	Specifies an NVT ASCII character string. ASCII character strings that contain white space must be delimited by quotation marks.
hex string	Specifies dotted hexadecimal data. Each byte in hexadecimal character strings is two hexadecimal digits—each byte can be separated by a period, colon, or white space.
ip address	Specifies an IP address.

Defaults

The default instance number is 0.

Command Modes

DHCP pool configuration

Command History

Release	Modification
12.0(1)T	This command was introduced.

Usage Guidelines

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. Configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message. The data items themselves are also called options. The current set of DHCP options are documented in RFC 2131, Dynamic Host Configuration Protocol.

Examples

The following example configures DHCP option 19, which specifies whether the client should configure its IP layer for packet forwarding. A value of 0 means disable IP forwarding; a value of 1 means enable IP forwarding. IP forwarding is enabled in the following example:

option 19 hex 01

The following example configures DHCP option 72, which specifies the World Wide Web servers for DHCP clients. World Wide Web servers 172.16.3.252 and 172.16.3.253 are configured in the following example:

option 72 ip 172.16.3.252 172.16.3.253

Related Commands

Command	Description
ip dhcp pool	Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.

origin

To configure an address pool as an on-demand address pool (ODAP) or static mapping pool, use the origin command in DHCP pool configuration mode. To disable the ODAP, use the no form of this command.

origin {dhcp | aaa | ipcp | file url} [subnet size initial size [autogrow size]]

no origin {dhcp | aaa | ipcp | file url} [subnet size initial size [autogrow size]]

Syntax Description

dhcp	Specifies the Dynamic Host Configuration Protocol (DHCP) as the subnet allocation protocol.
aaa	Specifies authentication, authorization, and accounting (AAA) as the subnet allocation protocol.
ipcp	Specifies the IP Control Protocol (IPCP) as the subnet allocation protocol.
file url	Specifies the external database file that contains the static bindings assigned by the DHCP server. The url argument specifies the location of the external database file.
subnet size initial size	(Optional) Specifies the initial size of the first requested subnet. You can enter size as either the subnet mask (nnnn.nnnn.nnnn.nnnn) or prefix size (/nn). The valid values are /0 and /4 to /30.
autogrow size	(Optional) Specifies that the pool can grow incrementally. The size argument is the size of the requested subnets when the pool requests additional subnets (upon detection of high utilization). You can enter size as either the subnet mask (nnnn.nnnn.nnnn.nnnn) or prefix size (/nn). The valid values are /0 and /4 to /30.

Defaults

The default size value is /0.

Command Modes

DHCP pool configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.
12.3(11)T	The file keyword was added.

Usage Guidelines

If you do not configure the pool as an autogrow pool, the pool will not request additional subnets if one subnet is already in the pool.

Use the dhcp keyword to obtain subnets from DHCP, the aaa keyword to obtain subnets from the AAA server, and the ipcp keyword to obtain subnets from IPCP negotiation. If you expect that the utilization of the pool may grow over time, use the autogrow size option.

If a pool has been configured with the autogrow size option, ensure that the source server is capable of providing more than one subnet to the same pool. Even though the Cisco IOS software specifies the requested subnet size, it can accept any offered subnet size from the source server.

Examples

The following example shows how to configure an address pool named green to use DHCP as the subnet allocation protocol with an initial subnet size of 24 and an autogrow subnet size of 24:

ip dhcp pool green

  vrf green

  origin dhcp subnet size initial /24 autogrow /24

  utilization mark high 80

  utilization mark low 20

The following example shows how to configure the location of the external text file:

ip dhcp pool abcpool

 origin file tftp://10.1.0.1/staticbindingfile

Related Commands

Command	Description
show ip dhcp pool	Displays information about the DHCP address pools.

password (DFP agent)

To configure a DFP agent password for MD5 authentication, use the password command in DFP agent configuration mode. To remove the DFP agent password, use the no form of this command.

password [0 | 7] password [timeout]

no password

Syntax Description

0	(Optional) Unencrypted password. This is the default setting.
7	(Optional) Encrypted password.
password	(Optional) Password value for MD5 authentication. Note This password must match the password configured on the host agent.
timeout	(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The valid range is from 0 to 65535. The default is 180.

Defaults

No password is enabled.

Command Modes

DFP agent configuration

Command History

Release	Modification
12.1(8a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.3(4)T	This command was integrated into Cisco IOS Release 12.3(4)T.

Usage Guidelines

The timeout option allows you to change the password without stopping messages between the DFP agent and its manager. The default value is 180 seconds.

During the timeout, the agent sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the agent sends and receives packets only with the new password; received packets that use the old password are discarded.

If you are changing the password for an entire load-balanced environment, set a longer timeout. This allows enough time for you to update the password on all agents and servers before the timeout expires. It also prevents mismatches between agents and servers that have begun running the new password and agents, and servers on which you have not yet changed the old password.

Examples

The following example shows how to set the DFP agent password (unencrypted by default) to Cookies and the timeout to 360 seconds:

Router(config)# ip dfp agent slb

Router(config-dfp)# password Cookies 360

Related Commands

Command	Description
agent	Identifies a DFP agent to which IOS SLB can connect.
ip dfp agent	Identifies a DFP agent subsystem and initiates DFP agent configuration mode.
ip slb dfp	Configures DFP, supplies an optional password, and initiates DFP configuration mode.
replicate casa (firewall farm)	Configures a stateful backup of IOS SLB decision tables to a backup switch.
replicate casa (virtual server)	Configures a stateful backup of IOS SLB decision tables to a backup switch.

permit (IP)

To set conditions to allow a packet to pass a named IP access list, use the permit command in access list configuration mode. To remove a permit condition from an access list, use the no form of this command.

[sequence-number] permit source [source-wildcard]

[sequence-number] permit protocol source source-wildcard destination destination-wildcard [option option-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

no sequence-number

no permit source [source-wildcard]

no permit protocol source source-wildcard destination destination-wildcard [option option-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

Internet Control Message Protocol (ICMP)

[sequence-number] permit icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

Internet Group Management Protocol (IGMP)

[sequence-number] permit igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

Transmission Control Protocol (TCP)

[sequence-number] permit tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established | {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

User Datagram Protocol (UDP)

[sequence-number] permit udp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

Syntax Description

sequence-number	(Optional) Sequence number assigned to the permit statement. The sequence number causes the system to insert the statement in that numbered position in the access list.
source	Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source: •Use a 32-bit quantity in four-part dotted-decimal format. •Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. •Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
source-wildcard	Wildcard bits to be applied to source. There are three alternative ways to specify the source wildcard: •Use a 32-bit quantity in four-part dotted-decimal format. Place 1s in the bit positions that you want to ignore. •Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. •Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
protocol	Name or number of an Internet protocol. The protocol argument can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the ip keyword. Note When the icmp, igmp, tcp, and udp keywords are entered, they must be followed with the specific command syntax that is shown for the ICMP, IGMP, TCP, and UDP forms of the permit command.
icmp	Permits only ICMP packets. When you enter the icmp keyword, you must use the specific command syntax shown for the ICMP form of the permit command.
igmp	Permits only IGMP packets. When you enter the igmp keyword, you must use the specific command syntax shown for the IGMP form of the permit command.
tcp	Permits only TCP packets. When you enter the tcp keyword, you must use the specific command syntax shown for the TCP form of the permit command.
udp	Permits only UDP packets. When you enter the udp keyword, you must use the specific command syntax shown for the UDP form of the permit command.
destination	Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination: •Use a 32-bit quantity in four-part dotted-decimal format. •Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255. •Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
destination-wildcard	Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard: •Use a 32-bit quantity in four-part dotted-decimal format. Place 1s in the bit positions that you want to ignore. •Use the any keyword as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255. •Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
option option-name	(Optional) Packets can be filtered by IP Options, as specified by a number from 0 to 255, or by the corresponding IP Option name, as listed in Table 3 in the "Usage Guidelines" section.
precedence precedence	(Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by a name.
tos tos	(Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by a name as listed in the "Usage Guidelines" section of the access-list (IP extended) command.
log	(Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
time-range time-range-name	(Optional) Name of the time range that applies to this permit statement. The name of the time range and its restrictions are specified by the time-range and absolute or periodic commands, respectively.
fragments	(Optional) The access list entry applies to noninitial fragments of packets; the fragment is either permitted or denied accordingly. For more details about the fragments keyword, see the "Access List Processing of Fragments" and "Fragments and Policy Routing" sections in the "Usage Guidelines" section.
icmp-type	(Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.
icmp-code	(Optional) ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.
icmp-message	(Optional) ICMP packets can be filtered by an ICMP message type name or an ICMP message type and code name. The possible names are listed in the "Usage Guidelines" section of the access-list (IP extended) command.
igmp-type	(Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the "Usage Guidelines" section of the access-list (IP extended) command.
operator	(Optional) Compares source or destination ports. Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range). If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port. The range operator requires two port numbers. Up to ten port numbers can be enter