deny tcp (for Extended IP ACLs)

Configure a filter that drops transmission control protocol (TCP) packets meeting the filter criteria.

Syntaxdeny tcp {source mask any host ip-address} [bit] [operator port [port]] {destination mask any host ip-address} [dscp] [bit] [operator port [port]] [count [byte]] [order] [fragments] [log [interval minutes] [threshold-in-msgs [count]] [monitor]

To remove this filter, you have two choices:

•Use the no seq sequence-numbercommand if you know the filter’s sequence number.

•Use the no deny tcp {source mask any host ip-address} {destination mask any host ip-address} command.

Parameters

Defaults

log

(OPTIONAL) Enter the keyword log to enable the triggering

 

of ACL log messages.

threshold-in

(OPTIONAL) Enter the threshold-in-msgskeyword

msgs count

followed by a value to indicate the maximum number of ACL

 

logs that can be generated, exceeding which the generation

 

of ACL logs is terminated. with the seq, permit, or deny

 

commands. The threshold range is from 1 to 100.

interval

(OPTIONAL) Enter the keyword interval followed by the

minutes

time period in minutes at which ACL logs must be generated.

 

The interval range is from 1 to 10 minutes.

monitor

(OPTIONAL) Enter the keyword monitor when the rule is

 

describing the traffic that you want to monitor and the ACL

 

in which you are creating the rule is applied to the monitored

 

interface.

By default, 10 ACL logs are generated if you do not specify the threshold explicitly.

The default frequency at which ACL logs are generated is five minutes. By default, flow-based monitoring is not enabled.

Command Modes

Command History

CONFIGURATION-EXTENDED-ACCESS-LIST

Version

Description

9.7(0.0)

Introduced on the S6000–ON.

9.4(0.0)

Added the support for flow-based monitoring on the S4810,

 

S4820T, S6000, and Z9000 platforms.

9.3(0.0)

Added the support for logging of ACLs on the S4810,

 

S4820T, and Z9000 platforms.

276

Access Control Lists (ACL)

Page 276
Image 276
Dell 9.7(0.0) manual Deny tcp for Extended IP ACLs, Parameters Defaults Log