Configuring IPv4 and IPv6 Access Control Lists
Protocol
TCP
1
ICMP Information
IP packets can be filtered based on the following optional ICMP conditions:
• icmp-type—The ICMP message type is a number from 0 to 255.
• icmp-code—The ICMP message code is a number from 0 to 255.
The following table displays the value for each ICMP type.
Table 9: ICMP Type Value
ICMP Type
echo
echo-reply
destination unreachable
traceroute
time exceeded
2
1
If the TCP connection is already established, use the established option to find matches. A match occurs
if the TCP datagram has the ACK, FIN, PSH, RST, or URG control bit set.
2
Code
8
0
3
30
11
ICMP redirect packets are always rejected.
Port
ftp
ftp-data
ssh
telnet
smtp
tasacs-ds
www
sftp
http
wbem-http
wbem-https
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
ICMP Information
Number
20
21
22
23
25
65
80
115
143
5988
5989
103