Cisco Nexus 7000 Series Security Command Reference - Cisco Nexus 7000 Series Command Reference Manual

deny (IPv4)
Command Modes
IPv4 ACL configuration
Command History
Release
4.1(2)
4.0(1)
Usage Guidelines
When the device applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL. The
device enforces the first rule that has conditions that are satisfied by the packet. When the conditions of more
than one rule are satisfied, the device enforces the rule with the lowest sequence number.
This command does not require a license.
Protocol
You can specify the protocol of packets that the rule applies to by the protocol name or the number of the
protocol. If you want the rule to apply to all IPv4 traffic, use the ip keyword.
The protocol keyword that you specify affects the additional keywords and arguments that are available.
Unless otherwise specified, only the other keywords that apply to all IPv4 protocols are available. Those
keywords include the following:
•
Valid protocol numbers are from 0 to 255.
Valid protocol names are the following keywords:
• ahp—Specifies that the rule applies to authentication header protocol (AHP) traffic only.
• eigrp—Specifies that the rule applies to Enhanced Interior Gateway Routing Protocol (EIGRP) traffic
• esp—Specifies that the rule applies to Encapsulating Security Protocol (ESP) traffic only.
• gre—Specifies that the rule applies to General Routing Encapsulation (GRE) traffic only.

Cisco Nexus 7000 Series Security Command Reference

236
Modification
Support was added for the following:
This command was introduced.
◦
dscp
◦ fragments
◦ log
◦ packet-length
◦ precedence
◦ time-range
only.
• The ahp, eigrp, esp, gre, nos, ospf, pcp, and pim protocol keywords.
• The packet-length keyword.
D Commands