Chapter 6
Security Commands
S e n d c o m m e n t s t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
deny (IPv4)
To create an IPv4 ACL rule that denies traffic matching its conditions, use the deny command. To
remove a rule, use the no form of this command.
General Syntax
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol v4
Transmission Control Protocol
User Datagram Protocol
OL-16599-01
[sequence-number] deny protocol source destination {[dscp dscp] | [precedence precedence]}
[fragments] [log] [time-range time-range-name]
no deny protocol source destination {[dscp dscp] | [precedence precedence]} [fragments] [log]
[time-range time-range-name]
no sequence-number
[sequence-number] deny icmp source destination [icmp-message] {[dscp dscp] | [precedence
precedence]} [fragments] [log] [time-range time-range-name]
[sequence-number] deny igmp source destination [igmp-message] {[dscp dscp] | [precedence
precedence]} [fragments] [log] [time-range time-range-name]
[sequence-number] deny ip source destination {[dscp dscp] | [precedence precedence]}
[fragments] [log] [time-range time-range-name]
[sequence-number] deny tcp source [operator port [port] | portgroup portgroup] destination
[operator port [port] | portgroup portgroup] {[dscp dscp] | [precedence precedence]}
[fragments] [log] [time-range time-range-name] [flags] [established]
[sequence-number] deny udp source [operator port [port] | portgroup portgroup] destination
[operator port [port] | portgroup portgroup] {[dscp dscp] | [precedence precedence]}
[fragments] [log] [time-range time-range-name]
Cisco Nexus 5000 Series Command Reference
deny (IPv4)
6-15