Connectivity Guide
• icmp — (Optional) Enter the ICMP address to deny.
• ipv6 — (Optional) Enter the IPv6 address to deny.
• tcp — (Optional) Enter the TCP address to deny.
• udp — (Optional) Enter the UDP address to deny.
• A::B — Enter the IPv6 address in dotted decimal format.
• A::B/x — Enter the number of bits to match to the IPv6 address.
• any — (Optional) Enter the keyword any to specify any source or destination IP address.
• host ipv6-address — (Optional) Enter the keyword and the IPv6 address to use a host address only.
• capture — (Optional) Capture packets the lter processes.
• count — (Optional) Count packets the lter processes.
• byte — (Optional) Count bytes the lter processes.
• dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
• fragment — (Optional) Use ACLs to control packet fragments.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule are logged.
Default Not congured
Command Mode IPV6-ACL
Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The
no version of this command removes the lter.
The count, byte, and log options are not supported on the S5148F-ON platform.
Example
OS10(config)# ipv6 access-list ipv6test
OS10(conf-ipv6-acl)# deny ipv6 any any capture session 1
Supported Releases 10.2.0E or later
deny (MAC)
Congures a lter to drop packets with a specic MAC address.
Syntax
deny {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} {nn:nn:nn:nn:nn:nn
[00:00:00:00:00:00] | any} [protocol-number | capture | cos | vlan]
Parameters
• nn:nn:nn:nn:nn:nn — Enter the MAC address of the network from or to which the packets are sent.
• 00:00:00:00:00:00 — (Optional) Enter which bits in the MAC address must match. If you do not enter a
mask, a mask of
00:00:00:00:00:00 applies.
• any — (Optional) Set routes which are subject to the lter.
– protocol-number — (Optional) MAC protocol number identied in the header, from 600 to .
– capture — (Optional) Capture packets the lter processes.
– cos — (Optional) CoS value, from 0 to 7.
– vlan — (Optional) VLAN number, from 1 to 4093.
Default Disabled
Command Mode MAC-ACL
Usage Information The no version of this command removes the lter.
898 Access Control Lists