Reference Guide

Usage Information Use dierent sequence numbers for the remark and the ACL rule. Congure up to 2147483647 remarks for a given

IPv4, IPv6, or MAC.

Example

OS10(conf-ipv4-acl)# remark 10 Deny rest of the traffic

OS10(conf-ipv4-acl)# remark 5 Permit traffic from XYZ Inc.

Supported Releases 10.2.0E or later

seq deny

Assigns a sequence number to deny IP addresses while creating the lter.

Syntax

address] [capture | count [byte] | dscp value | fragment]

Parameters

• sequence-number — Enter the sequence number to identify the ACL for editing and sequencing number,

from 0 to 2147483647.

• protocol-number — (Optional) Enter the protocol number, from 0 to 255.

• icmp — (Optional) Enter the ICMP address to deny.

• ip — (Optional) Enter the IP address to deny.

• tcp — (Optional) Enter the TCP address to deny.

• udp — (Optional) Enter the UDP address to deny.

• A.B.C.D — Enter the IP address in dotted decimal format.

• A.B.C.D/x — Enter the number of bits that must match the dotted decimal address.

• any — (Optional) Set all routes which are subject to the lter:

• capture — (Optional) Capture packets the lter processes.

• count — (Optional) Count packets the lter processes.

• byte — (Optional) Count bytes the lter processes.

• dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.

• fragment — (Optional) Use ACLs to control packet fragments.

• host ip-address — (Optional) Enter the IP address to use a host address only.

Default Not congured

Command Mode IPV4-ACL

Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The

no version of this command removes the lter, or use the no seq sequence-number command if you know

the lter’s sequence number.

Example

OS10(config)# ip access-list testflow

OS10(conf-ipv4-acl)# seq 10 deny tcp any any capture session 1 count

Supported Releases 10.2.0E or later

442 Access Control Lists