Reference Guide
The monitor option is relevant in the context of flow-based monitoring only. For more
information, refer to the Port Monitoring chapter.
The C-Series and S-Series cannot count both packets and bytes, when you enter the count
byte options, only bytes are incremented.
NOTE: When ACL logging and byte counters are configured simultaneously, byte counters
may display an incorrect value. Configure packet counters with logging instead.
Related
Commands
deny tcp — assigns a filter to deny TCP packets.
deny udp — assigns a filter to deny UDP packets.
ip access-list extended — creates an extended ACL.
deny icmp
To drop all or specific internet control message protocol (ICMP) messages, configure a filter.
S4820T
Syntax
deny icmp {source mask | any | host ip-address} {destination
mask | any | host ip-address} [dscp] [message-type] [count
[byte] | log] [order] [monitor] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence
number.
• Use the no deny icmp {source mask | any | host ip-address}
{destination mask | any | host ip-address} command.
Parameters
source
Enter the IP address of the network or host from which the packets
were sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask,
when specified in A.B.C.D format, may be either contiguous or non-
contiguous.
any Enter the keyword any to specify that all routes are subject to the
filter.
host
ip-address
Enter the keyword host then the IP address to specify a host IP
address.
destination
Enter the IP address of the network or host to which the packets are
sent.
dscp Enter this keyword dscp to deny a packet based on the DSCP value.
The range is from 0 to 63.
message-type
(OPTIONAL) Enter an ICMP message type, either with the type (and
code, if necessary) numbers or with the name of the message type.
The range is from 0 to 255 for ICMP type and from 0 to 255 for ICMP
code.
count (OPTIONAL) Enter the keyword count to count packets processed
by the filter.
192