Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2(1) (OL-16599-01, March 2009)

Send comments to nx5000-docfeedback@cisco.com

6-17

Cisco Nexus 5000 Series Command Reference

OL-16599-01

Chapter 6 Security Commands

deny (IPv4)

dscp dscp (Optional) Specifies that the rule matches only those packets with the

specified 6-bit differentiated services value in the DSCP field of the IP

header. The dscp argument can be one of the following numbers or

keywords:

• 0–63—The decimal equivalent of the 6 bits of the DSCP field. For

example, if you specify 10, the rule matches only those packets that have

the following bits in the DSCP field: 001010.

• af11—Assured Forwarding (AF) class 1, low drop probability (001010)

• af12—AF class 1, medium drop probability (001100)

• af13—AF class 1, high drop probability (001110)

• af21—AF class 2, low drop probability (010010)

• af22—AF class 2, medium drop probability (010100)

• af23—AF class 2, high drop probability (010110)

• af31—AF class 3, low drop probability (011010)

• af32—AF class 3, medium drop probability (011100)

• af33—AF class 3, high drop probability (011110)

• af41—AF class 4, low drop probability (100010)

• af42—AF class 4, medium drop probability (100100)

• af43—AF class 4, high drop probability (100110)

• cs1—Class-selector (CS) 1, precedence 1 (001000)

• cs2—CS2, precedence 2 (010000)

• cs3—CS3, precedence 3 (011000)

• cs4—CS4, precedence 4 (100000)

• cs5—CS5, precedence 5 (101000)

• cs6—CS6, precedence 6 (110000)

• cs7—CS7, precedence 7 (111000)

• default—Default DSCP value (000000)

• ef—Expedited Forwarding (101110)