OS10 Enterprise Edition User Guide Release 10.4.0E(R3)

PDF

deny

Configures a filter to drop packets with a specific IP address.

Syntax
deny [ protocol-number | icmp | ip | tcp | udp] [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count [byte] | dscp value | fragment]
Parameters
  • protocol-number — (Optional) Enter the protocol number identified in the IP header, from 0 to 255.
  • icmp — (Optional) Enter the ICMP address to deny.
  • ip — (Optional) Enter the IP address to deny.
  • tcp — (Optional) Enter the TCP address to deny.
  • udp — (Optional) Enter the UDP address to deny.
  • A.B.C.D — Enter the IP address in dotted decimal format.
  • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
  • any — (Optional) Enter the filter type to subject routes to.
    • capture — (Optional) Capture packets the filter processes.
    • count — (Optional) Count packets the filter processes.
    • byte — (Optional) Count bytes the filter processes.
    • dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
    • fragment — (Optional) Use ACLs to control packet fragments.
  • host ip-address — (Optional) Enter the keyword and the IP address to use a host address only.
Default
Not configured
Command Mode
IPV4-ACL
Usage Information
OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter.
Example
OS10(config)# ip access-list testflow
                                       OS10(conf-ipv4-acl)# deny udp any any 
                                    
Supported Releases
10.2.0E or later

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\