Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2(1) (OL-16599-01, March 2009)
Send comments to nx5000-docfeedback@cisco.com
6-65
Cisco Nexus 5000 Series Command Reference
OL-16599-01
Chapter 6 Security Commands
permit (IPv6)
dscp dscp (Optional) Specifies that the rule matches only packets with the specified
6-bit differentiated services value in the DSCP field of the IPv6 header. The
dscp argument can be one of the following numbers or keywords:
• 0–63—The decimal equivalent of the 6 bits of the DSCP field. For
example, if you specify 10, the rule matches only packets that have the
following bits in the DSCP field: 001010.
• af11—Assured Forwarding (AF) class 1, low drop probability (001010)
• af12—AF class 1, medium drop probability (001100)
• af13—AF class 1, high drop probability (001110)
• af21—AF class 2, low drop probability (010010)
• af22—AF class 2, medium drop probability (010100)
• af23—AF class 2, high drop probability (010110)
• af31—AF class 3, low drop probability (011010)
• af32—AF class 3, medium drop probability (011100)
• af33—AF class 3, high drop probability (011110)
• af41—AF class 4, low drop probability (100010)
• af42—AF class 4, medium drop probability (100100)
• af43—AF class 4, high drop probability (100110)
• cs1—Class-selector (CS) 1, precedence 1 (001000)
• cs2—CS2, precedence 2 (010000)
• cs3—CS3, precedence 3 (011000)
• cs4—CS4, precedence 4 (100000)
• cs5—CS5, precedence 5 (101000)
• cs6—CS6, precedence 6 (110000)
• cs7—CS7, precedence 7 (111000)
• default—Default DSCP value (000000)
• ef—Expedited Forwarding (101110)
flow-label
flow-label-value
(Optional) Specifies that the rule matches only IPv6 packets whose Flow
Label header field has the value specified by the flow-label-value argument.
The flow-label-value argument can be an integer from 0 to 1048575.
fragments (Optional) Specifies that the rule matches noninitial fragmented packets
only. The device considers noninitial fragmented packets to be packets with
a fragment extension header that contains a fragment offset that is not equal
to zero. You cannot specify this keyword in the same rule that you specify
Layer 4 options, such as a TCP port number, because the information that the
devices requires to evaluate those options is contained only in initial
fragments.