API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n

1121

Default Not configured

Command Mode EXEC

Usage

Information

If you do not enter an access-list name, all MAC access-list counters clear. The counter counts the

number of packets that match each permit or deny statement in an access list. To get a more recent

count of packets matching an access list, clear the counters to start at zero. To view access-list

information, use the show access-lists command.

Example

OS10# clear mac access-list counters

Supported

Releases

10.2.0E or later

deny

Configures a filter to drop packets with a specific IP address.

Syntax

deny [protocol-number | icmp | ip | tcp | udp] [A.B.C.D | A.B.C.D/x | any |

host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture |

count | dscp value | fragment | log]

Parameters

● protocol-number — (Optional) Enter the protocol number identified in the IP header, from 0 to

255.

● icmp — (Optional) Enter the ICMP address to deny.

● ip — (Optional) Enter the IP address to deny.

● tcp — (Optional) Enter the TCP address to deny.

● udp — (Optional) Enter the UDP address to deny.

● A.B.C.D — Enter the IP address in dotted decimal format.

● A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.

● any — (Optional) Enter the keyword any to specify any source or destination IP address.

● host ip-address — (Optional) Enter the keyword and the IP address to use a host address only.

● capture — (Optional) Capture packets the filter processes.

● count — (Optional) Count packets the filter processes.

● byte — (Optional) Count bytes the filter processes.

● dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.

● fragment — (Optional) Use ACLs to control packet fragments.

● log — (Optional) Enables ACL logging. Information about packets that match an ACL rule are logged.

Default Not configured

Command Mode IPV4-ACL

Usage

Information

OS10 cannot count both packets and bytes; when you use the count byte options, only bytes

increment. The no version of this command removes the filter.

Example

OS10(config)# ip access-list testflow

OS10(conf-ipv4-acl)# deny udp any any

Supported

Releases

10.2.0E or later

deny (IPv6)

Configures a filter to drop packets with a specific IPv6 address.

Syntax

deny [protocol-number | icmp | ipv6 | tcp | udp] [A::B | A::B/x | any |

host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture |

count | dscp value | fragment | log]

Access Control Lists 1129