Connectivity Guide
Supported Releases 10.2.0E or later
deny
Congures a lter to drop packets with a specic IP address.
Syntax
deny [protocol-number | icmp | ip | tcp | udp] [A.B.C.D | A.B.C.D/x | any |
host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count
| dscp value | fragment | log]
Parameters
• protocol-number — (Optional) Enter the protocol number identied in the IP header, from 0 to 255.
• icmp — (Optional) Enter the ICMP address to deny.
• ip — (Optional) Enter the IP address to deny.
• tcp — (Optional) Enter the TCP address to deny.
• udp — (Optional) Enter the UDP address to deny.
• A.B.C.D — Enter the IP address in dotted decimal format.
• A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
• any — (Optional) Enter the keyword any to specify any source or destination IP address.
• host ip-address — (Optional) Enter the keyword and the IP address to use a host address only.
• capture — (Optional) Capture packets the lter processes.
• count — (Optional) Count packets the lter processes.
• byte — (Optional) Count bytes the lter processes.
• dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
• fragment — (Optional) Use ACLs to control packet fragments.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule are logged.
Default Not congured
Command Mode IPV4-ACL
Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The
no version of this command removes the lter.
The count, byte, and log options are not supported on the S5148F-ON platform.
Example
OS10(config)# ip access-list testflow
OS10(conf-ipv4-acl)# deny udp any any
Supported Releases 10.2.0E or later
deny (IPv6)
Congures a lter to drop packets with a specic IPv6 address.
Syntax
deny [protocol-number | icmp | ipv6 | tcp | udp] [A::B | A::B/x | any | host
ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count | dscp
value | fragment | log]
Parameters
• protocol-number — (Optional) Enter the protocol number identied in the IP header, from 0 to 255.
Access Control Lists 897