Command Line Reference Guide
This feature is particularly useful when looking for malicious traffic. It is available for
Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using
standard or extended access-lists. This mechanism copies all incoming or outgoing
packets on one port and forwards (mirrors) them to another port. The source port
is the monitored port (MD) and the destination port is the monitoring port (MG).
Related
Commands
deny – assigns a filter to deny IP traffic.
deny udp – assigns a filter to deny UDP traffic.
deny icmp (for Extended IPv6 ACLs)
Configure a filter to drop all or specific ICMP messages.
Syntax
deny icmp {source address mask | any | host ipv6-address}
{destination address | any | host ipv6-address} [count [byte]]
| [log [interval minutes] [threshold-in-msgs [count]] [monitor]
To remove this filter, you have two choices:
• Use the no seq sequence-number command syntax if you know the filter’s
sequence number
• Use the no deny icmp {source address mask | any | host ipv6-
address} {destination address | any | host ipv6-address}
command
Parameters `
source Enter the IPv6 address of the network or host from which the
packets were sent.
mask Enter a network mask in /prefix format (/x) or A.B.C.D. The
mask, when specified in A.B.C.D format, may be either
contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject
to the filter.
host ipv6–
address
Enter the keyword host then the IPv6 address to specify a
host IP address.
destination Enter the IPv6 address of the network or host to which the
packets are sent.
count (OPTIONAL) Enter the keyword count to count packets
processed by the filter.
byte (OPTIONAL) Enter the keyword byte to count bytes
processed by the filter.
log (OPTIONAL) Enter the keyword log to enable the triggering
of ACL log messages.
282
Access Control Lists (ACL)