Owner's Manual
ACL Commands
NOTE: Using "any" specifies that all IP protocols are permitted. The permit "any" does not imply that
other protocols running over IP (e.g., TCP, UDP, etc.) are "permitted".
Example
The following example configures an ACE called "Dell" to allow RSVP protocol traffic from IP
address 12.1.1.1, mask 0.0.0.0 and DSCP 56.
deny (IP)
The deny IP access-list configuration command denies traffic if the conditions defined in the deny
statement are matched.
Syntax
deny [disable-port] {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp dscp number | ip-precedence ip-precedence]
deny-tcp [disable-port] {any | {source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp dscp number | ip-precedence ip-precedence]
deny-udp [disable-port] {any | {source source-mask}} {any | source-port} {any | {destination destination-mask}} {any | destination-port} [dscp dscp number | ip-precedence ip-precedence]
• disable-port—If the statement is deny, then the port is disabled.
• Source IP address can be one of the following:
  – any—Packets received from any IP address.
  – source source-wildcard—IP address and wildcard for host from which the packet is sent. Specify the IP address as 0.0.0.0 and mask as 255.255.255.255.
• Destination IP address can be one of the following:
  – any—Packets sent to any IP address.
  – destination destination-wildcard—IP address and wildcard for host to which the packet is sent. Specify the IP address as 0.0.0.0 and mask as 255.255.255.255.
• protocol—The name or the number of an IP protocol. Use "?" to see list of available protocols (icmp, igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, esp, ah, ipv6-icmp, eigrp, ospf, ipip, pim, l2tp, isis). Use any for all protocols.
• destination-port—Specifies the UDP/TCP destination port. Use any for all ports.
Console (config)# ip access-list Dell
Console (config-ip-al)# permit rsvp 12.1.1.1 0.0.0.0 any dscp 56
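An added example, not taken from the manual: a small Python model of how one ACE written in the deny (IP) syntax above, or the permit line shown in the console example, is matched against a packet. It assumes the usual wildcard convention (wildcard bits set to 1 are ignored, which agrees with the single-host form 12.1.1.1 0.0.0.0); the function names, the packet dictionary and the 10.1.2.0 rule are constructed for illustration.

```python
import ipaddress

def _addr(tokens):
    """Consume 'any' or 'address wildcard'; return (address, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF                      # every bit ignored
    addr = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return addr, wild

def parse_ace(line):
    """Parse '<permit|deny> [disable-port] {any|protocol} src dst [dscp N | ip-precedence N]'."""
    tokens = line.split()
    ace = {"action": tokens.pop(0), "disable_port": False}
    if tokens[0] == "disable-port":
        ace["disable_port"] = True
        tokens.pop(0)
    ace["protocol"] = tokens.pop(0)               # protocol names only in this model
    ace["src"] = _addr(tokens)
    ace["dst"] = _addr(tokens)
    ace["qos"] = (tokens[0], int(tokens[1])) if tokens else None
    return ace

def _ip_match(ip, rule):
    addr, wild = rule
    care = ~wild & 0xFFFFFFFF                     # bits that must be equal
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def ace_matches(ace, pkt):
    """True when every condition in the ACE matches the packet."""
    if ace["protocol"] not in ("any", pkt["protocol"]):
        return False
    if not (_ip_match(pkt["src"], ace["src"]) and _ip_match(pkt["dst"], ace["dst"])):
        return False
    if ace["qos"]:
        field, value = ace["qos"]
        return pkt.get(field) == value
    return True

# Constructed rule: deny UDP from 10.1.2.0/24 marked DSCP 46 and disable the port.
DENY_ACE = parse_ace("deny disable-port udp 10.1.2.0 0.0.0.255 any dscp 46")
# The permit ACE from the console example on this page.
PERMIT_ACE = parse_ace("permit rsvp 12.1.1.1 0.0.0.0 any dscp 56")

if __name__ == "__main__":
    pkt = {"protocol": "udp", "src": "10.1.2.77", "dst": "192.0.2.9", "dscp": 46}
    print(DENY_ACE["action"], DENY_ACE["disable_port"], ace_matches(DENY_ACE, pkt))
```
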