Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2(1) (OL-16599-01, March 2009)
Send comments to nx5000-docfeedback@cisco.com
6-21
Cisco Nexus 5000 Series Command Reference
OL-16599-01
Chapter 6 Security Commands
deny (IPv4)
The following example shows how to specify the source argument with the host keyword and the
192.168.67.132 IPv4 address:
switch(config-acl)# deny icmp host 192.168.67.132 any
• Any address—You can use the any keyword to specify that a source or destination is any IPv4
address. For examples of the use of the any keyword, see the examples in this section. Each example
shows how to specify a source or destination by using the any keyword.
ICMP Message Types
The icmp-message argument can be the ICMP message number, which is an integer from 0 to 255. It can
also be one of the following keywords:
• administratively-prohibited—Administratively prohibited
• alternate-address—Alternate address
• conversion-error—Datagram conversion
• dod-host-prohibited—Host prohibited
• dod-net-prohibited—Net prohibited
• echo—Echo (ping)
• echo-reply—Echo reply
• general-parameter-problem—Parameter problem
• host-isolated—Host isolated
• host-precedence-unreachable—Host unreachable for precedence
• host-redirect—Host redirect
• host-tos-redirect—Host redirect for ToS
• host-tos-unreachable—Host unreachable for ToS
• host-unknown—Host unknown
• host-unreachable—Host unreachable
• information-reply—Information replies
• information-request—Information requests
• mask-reply—Mask replies
• mask-request—Mask requests
• mobile-redirect—Mobile host redirect
• net-redirect—Network redirect
• net-tos-redirect—Net redirect for ToS
• net-tos-unreachable—Network unreachable for ToS
• net-unreachable—Net unreachable
• network-unknown—Network unknown
• no-room-for-option—Parameter required but no room
• option-missing—Parameter required but not present
• packet-too-big—Fragmentation needed and DF set
• parameter-problem—All parameter problems