Deny (Arp) - Cisco Nexus 7000 Series Command Reference Manual

deny (ARP)

deny (ARP)
To create an ARP ACL rule that denies ARP traffic that matches its conditions, use the deny command. To
remove a rule, use the no form of this command.
General Syntax
[ sequence-number ] deny ip {any| host sender-IP| sender-IP sender-IP-mask} mac {any| host sender-MAC|
sender-MAC sender-MAC-mask} [log]
[ sequence-number ] deny request ip {any| host sender-IP| sender-IP sender-IP-mask} mac {any| host
sender-MAC| sender-MAC sender-MAC-mask} [log]
[ sequence-number ] deny response ip {any| host sender-IP| sender-IP sender-IP-mask} {any| host target-IP|
target-IP target-IP-mask} mac {any| host sender-MAC| sender-MAC sender-MAC-mask} [any| host
target-MAC| target-MAC target-MAC-mask] [log]
no sequence-number
no deny ip {any| host sender-IP| sender-IP sender-IP-mask} mac {any| host sender-MAC| sender-MAC
sender-MAC-mask} [log]
no deny request ip {any| host sender-IP| sender-IP sender-IP-mask} mac {any| host sender-MAC|
sender-MAC sender-MAC-mask} [log]
no deny response ip {any| host sender-IP| sender-IP sender-IP-mask} {any| host target-IP| target-IP
target-IP-mask} mac {any| host sender-MAC| sender-MAC sender-MAC-mask} [any| host target-MAC|
target-MAC target-MAC-mask] [log]
Syntax Description
sequence-number
ip
Cisco Nexus 7000 Series Security Command Reference
224
(Optional) Sequence number of the deny command,
which causes the device to insert the command in that
numbered position in the access list. Sequence
numbers maintain the order of rules within an ACL.
A sequence number can be any integer between 1 and
4294967295.
By default, the first rule in an ACL has a sequence
number of 10.
If you do not specify a sequence number, the device
adds the rule to the end of the ACL and assigns a
sequence number that is 10 greater than the sequence
number of the preceding rule.
Use the resequence command to reassign sequence
numbers to rules.
Introduces the IP address portion of the rule.
D Commands