match tcp-flags
Configures
Transmission Control Protocol (TCP) flag-based matching for a route-map sequence number.
Syntax
match tcp-flags
{
any
|
all
}
[
ack
|
not-ack
]
[
cwr
|
not-cwr
]
[
ece
|
not-ece
]
[
fin
|
not-fin
]
[
push
|
not-push
]
[
rst
|
not-rst
]
[
syn
|
not-syn
]
[
urg
|
not-urg
]
no
match tcp-flags
{
any
|
all
}
[
ack
|
not-ack
]
[
cwr
|
not-cwr
]
[
ece
|
not-ece
]
[
fin
|
not-fin
]
[
push
|
not-push
]
[
rst
|
not-rst
]
[
syn
|
not-syn
]
[
urg
|
not-urg
]
Command Default
Matching based on TCP flags is not
configured.
Parameters
- all
- Specfies that matching occurs when traffic
matches all of the subsequent specified options.
- any
- Specfies that matching
occurs when traffic matches any of the subsequent specified options.
- ack
- Configures matching
based on TCP Acknowledgement flag.
- not-ack
- Configures matching
based on no TCP Acknowledgement flag.
- cwr
- Configures matching
based on TCP Congestion Window Reduced (CWR) flag. This match criterion is
not supported in the hardware but is still received and advertised by
BGP.
- not-cwr
- Configures matching
based on no TCP CWR flag. This match criterion is not supported in the
hardware but is still received and advertised by BGP.
- ece
- Configures matching
based on TCP Explicit Congestion Notification Echo (ECE) flag. This match
criterion is not supported in the hardware but is still received and
advertised by BGP.
- not-ece
- Configures matching
based on no TCP ECE flag. This match criterion is not supported in the
hardware but is still received and advertised by BGP.
- fin
- Configures matching
based on TCP FIN (finish) flag.
- not-fin
- Configures matching
based on no TCP FIN flag.
- push
- Configures matching
based on TCP PUSH flag.
- not-push
- Configures matching
based on no TCP PUSH flag.
- rst
- Configures matching
based on TCP RST (reset) flag.
- not-rst
- Configures matching
based on no TCP RST flag.
- syn
- Configures matching
based on TCP Synchronization flag.
- not-syn
- Configures matching based on no TCP
Synchronization flag.
- urg
- Configures matching
based on TCP URG (urgent) flag.
- not-urg
- Configures matching
based on no TCP URG flag.
Modes
Route-map
configuration mode
Usage Guidelines
When match protocol
and match tcp-flags are
specified in the same stanza, the protocol specified by the match protocol command
must be TCP; specifying any other protocol value using the match protocol command
results in the rule being evaluated as false and it becomes inactive.
When it is possible to have multiple flag options together in a TCP packet header; for example
SYN, ACK and so on, you can configure all options using one match tcp-flags command.
Up to 128 match tcp-flags configurations are
allowed per
route-map sequence number.
When multiple match
tcp-flags configurations exist, matching occurs when traffic matches
any one of the configurations.
The
no form of the command removes the configuration.
Examples
The following example shows how to configure matching on the SYN and ACK TCP
flags for sequence number 4 under a route-map named rm.
device# configure terminal
device(config)# route-map rm permit 4
device(config-route-map-rm/permit/4)# match tcp-flags any syn ack
The following example shows how to configure matching on both the PUSH and ACK
TCP flags for sequence number 4 under a route-map named rm.
device# configure terminal
device(config)# route-map rm permit 4
device(config-route-map-rm/permit/4)# match tcp-flags all push ack
