NOTE: Also refer to the Commands Common to all ACL Types and Common IP ACL Commands sections.

deny

Configure a filter that drops IP packets meeting the filter criteria.

Syntax

deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count [byte] log] [dscp value] [order] [monitor] [fragments]

To remove this filter, you have two choices:

• Use the no seq sequence-number command if you know the filter’s sequence number.

• Use the no deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} command.
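
The following Python sketch is an added example, not code from the Dell manual: it parses the deny syntax above and checks which packets a filter would drop, including the noncontiguous A.B.C.D mask case described under Parameters. It assumes that mask bits set to 1 are the bits compared (network-mask semantics) and that a /x mask may be attached to or separated from the address; the function names are hypothetical and all filters and addresses are constructed samples.

```python
import ipaddress
ALL_ONES = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_endpoint(tokens):
    """Consume one {address mask | any | host ip-address} group -> (addr, mask)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0                       # no bits compared: everything matches
    if head == "host":
        return to_int(tokens.pop(0)), ALL_ONES
    addr, sep, mask = head.partition("/")
    if not sep:                           # mask is its own token: /x or A.B.C.D
        mask = tokens.pop(0).lstrip("/")
    if "." in mask:                       # A.B.C.D, contiguous or noncontiguous
        return to_int(addr), to_int(mask)
    return to_int(addr), (ALL_ONES << (32 - int(mask))) & ALL_ONES

def parse_deny(line):
    """Parse 'deny {ip | ip-protocol-number} <source> <destination> [options]'."""
    tokens = line.split()
    if not tokens or tokens.pop(0) != "deny":
        raise ValueError("not a deny filter")
    proto = tokens.pop(0)
    proto = None if proto == "ip" else int(proto)   # ip = all IP protocols
    if proto is not None and not 0 <= proto <= 255:
        raise ValueError("ip-protocol-number must be 0 to 255")
    src, dst = parse_endpoint(tokens), parse_endpoint(tokens)
    return {"proto": proto, "src": src, "dst": dst, "options": tokens}

def is_denied(rule, proto, src_ip, dst_ip):
    """True when a packet (protocol number, source, destination) meets the criteria."""
    def hit(endpoint, ip):
        addr, mask = endpoint
        return (to_int(ip) & mask) == (addr & mask)
    return (rule["proto"] in (None, proto)
            and hit(rule["src"], src_ip) and hit(rule["dst"], dst_ip))

# Constructed sample filters (not from the manual).
SAMPLES = [
    "deny ip 10.1.1.0 /24 any count byte",      # whole subnet, any destination
    "deny 17 any host 192.0.2.53 count",        # protocol 17 (UDP) to one host
    "deny ip 10.0.0.1 255.0.0.255 any",         # noncontiguous: 10.x.y.1
]

def denied_by(proto, src_ip, dst_ip):
    return [s for s in SAMPLES if is_denied(parse_deny(s), proto, src_ip, dst_ip)]
```

Calling denied_by(6, "10.1.1.1", "198.51.100.9") returns both the /24 filter and the noncontiguous one, which shows how overlapping entries can drop the same packet and why counters on each entry help when auditing an ACL.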

Parameters

ip                    Enter the keyword ip to configure a generic IP access list. The keyword ip specifies that the access list denies all IP protocols.
ip-protocol-number    Enter a number from 0 to 255 to deny based on the protocol identified in the IP protocol header.
source                Enter the IP address of the network or host from which the packets were sent.
mask                  Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or noncontiguous.
any                   Enter the keyword any to specify that all routes are subject to the filter.
host ip-address       Enter the keyword host then the IP address to specify a host IP address.
destination           Enter the IP address of the network or host to which the packets are sent.
count                 (OPTIONAL) Enter the keyword count to count packets that the filter processes.
byte                  (OPTIONAL) Enter the keyword byte to count bytes that the filter processes.
log                   (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log.
dscp                  (OPTIONAL) Enter the keyword dscp to match to the IP DSCP values.
order                 (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. The range is from 0 to 254 (where 0 is the highest priority and 254 is the lowest; lower-order


Access Control Lists (ACL)

Dell 9.7(0.0) manual