Fragments - Cisco Nexus 7000 Series Command Reference Manual

F Commands

fragments

To optimize whether an IPv4 or IPv6 ACL permits or denies noninitial fragments that do not match an explicit
permit or deny command in the ACL, use the fragments command. To disable fragment optimization, use
the no form of this command.
fragments {deny-all | permit-all}
no fragments {deny-all | permit-all}
Syntax Description
deny-all      Specifies that noninitial fragments of flows that are matched by the ACL are always dropped.
permit-all    Specifies that any noninitial fragments of a flow are permitted when the initial fragment of the flow was permitted by the ACL.
Command Default
None
Command Modes
IPv4 ACL configuration
IPv6 ACL configuration
Command History
Release    Modification
4.2(1)     This command was introduced.
Usage Guidelines
The fragments command allows you to simplify the configuration of an IP ACL when you want to permit
or deny noninitial fragments that do not match an explicit permit or deny command in the ACL. Instead of
controlling noninitial fragment handling by using many permit or deny commands that specify the fragments
keyword, you can use the fragments command.
When a device applies to traffic an ACL that contains the fragments command, the command matches only
noninitial fragments that do not match any explicit permit or deny commands in the ACL.
This command does not require a license.
Examples
This example shows how to enable fragment optimization in an IPv4 ACL named lab-acl. The permit-all
keyword means that the ACL permits any noninitial fragment that does not match a deny command that
includes the fragments keyword.
switch# configure terminal
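An added example, not part of the Cisco reference: a Python audit that reads a saved configuration and reports, for each IPv4 or IPv6 ACL, which fragments mode is set and which explicit rules carry the fragments keyword. The sample configuration, the ACL names other than lab-acl, the addresses and the function names are constructed for illustration, and the indented layout of the saved configuration is an assumption.

```python
import re

# Constructed sample in the style of a saved NX-OS configuration (not from the page).
SAMPLE_CONFIG = """\
ip access-list lab-acl
  10 deny ip 192.0.2.0/24 any fragments
  20 permit tcp any 198.51.100.10/32 eq 443
  fragments permit-all
ip access-list edge-in
  10 permit tcp any any eq 22
  fragments deny-all
ipv6 access-list v6-in
  10 permit tcp any any eq 443
interface Ethernet1/1
  ip access-group lab-acl in
"""

ACL_HEADER = re.compile(r"^(ip|ipv6) access-list (\S+)\s*$")
FRAG_CMD = re.compile(r"^fragments (deny-all|permit-all)$")


def audit_fragment_handling(config_text):
    """Return {acl_name: {"family", "mode", "explicit"}} for every IP ACL found."""
    acls, current = {}, None
    for raw in config_text.splitlines():
        header = ACL_HEADER.match(raw)
        if header:
            current = {"family": header.group(1), "mode": None, "explicit": []}
            acls[header.group(2)] = current
            continue
        # Any other top-level line ends the ACL block; skip lines outside an ACL.
        if not raw.startswith(" ") or current is None:
            current = None
            continue
        line = raw.strip()
        frag = FRAG_CMD.match(line)
        if frag:
            current["mode"] = frag.group(1)  # the ACL-wide fragments command
        elif re.match(r"(\d+ )?(permit|deny) ", line) and "fragments" in line.split():
            current["explicit"].append(line)  # rule with the fragments keyword
    return acls


def needs_review(acls):
    """Names of ACLs whose fragments mode is permit-all or not configured."""
    return sorted(name for name, acl in acls.items() if acl["mode"] != "deny-all")
```

Calling `needs_review(audit_fragment_handling(text))` on an exported configuration lists the ACLs where noninitial fragments are not dropped by a `fragments deny-all` default.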
Cisco Nexus 7000 Series Security Command Reference