Connectivity Guide
• count — (Optional) Count packets the lter processes.
• byte — (Optional) Count bytes the lter processes.
• dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
• fragment — (Optional) Use ACLs to control packet fragments.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule are logged.
Default Not congured
Command Mode IPV6-ACL
Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The
no version of this command removes the lter.
The count, byte, and log options are not supported on the S5148F-ON platform.
Example
OS10(config)# ipv6 access-list ipv6test
OS10(conf-ipv6-acl)# deny icmp any any capture session 1
Supported Releases 10.2.0E or later
deny ip
Congures a lter to drop all or specic packets from an IPv4 address.
Syntax
deny ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x |
any | host ip-address] [capture | dscp value | fragment]
Parameters
• A.B.C.D — Enter the IPv4 address in dotted decimal format.
• A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
• any — (Optional) Set all routes which are subject to the lter:
– capture — (Optional) Capture packets the lter processes.
– dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
– fragment — (Optional) Use ACLs to control packet fragments.
• host ip-address — (Optional) Enter the IPv4 address to use a host address only.
Default Not congured
Command Mode IPV4-ACL
Usage Information The no version of this command removes the lter.
Example
OS10(config)# ip access-list testflow
OS10(conf-ipv4-acl)# deny ip any any capture session 1 count
Supported Releases 10.2.0E or later
deny ipv6
Congures a lter to drop all or specic packets from an IPv6 address.
Syntax
deny ipv6 [A::B | A::B/x | any | host ipv6–address] [A::B | A:B/x | any | host
ipv6–address] [capture | dscp | fragment]
900 Access Control Lists