ACL Commands
deny (IPv6)
deny (IPv6)
Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1.0.0.x
Example
switchxxxxxx(config)# ip access-list extended server
switchxxxxxx(config-ip-acl)# deny ip 172.212.0.0/0.0.255.255 any
To set deny conditions for an IPv6-based ACL, use the deny IPv6 Access-List
Configuration mode command.
To remove an IPv6-based ACE, use the no sequence command.
Syntax
value
[sequence
] deny
prefix/length
number
} [dscp
value
[sequence
] deny
destination- prefix/length
number
precedence
] [disable-port]
value
[sequence
] deny
range
destination- prefix/length
} {any |
number
| precedence
value
[sequence
] deny
range
destination- prefix/length
} {any |
number
| precedence
value
no sequence
Parameters
value
•
sequence
based ACL. The acceptable range is from 1 to 2147483547. If not specified,
the switch provides a number starting from 1 in ascending order.
protocol
•
—The name or the number of an IP protocol. Available protocol
names are icmp (58), tcp (6), and udp (17). To match any protocol, use the
ipv6 keyword. (Range: 0 to 255)
source-prefix/length
•
which to set permit conditions. This argument must be in the format
protocol
source-prefix/length
{any |
number
| precedence
icmp
source-prefix
{any |
icmp-type
} {any |
} {any |
tcp
source-prefix/length
{any |
} {any|
number
list-of-flags
] [match-all
udp
source-prefix/length
{any |
} {any |
number
list-of-flags
] [match-all
—(Optional) Specifies the sequence number of the IPv6-
—The source IPv6 network or class of networks about
} {any |
] [disable-port]
source-prefix/length
{any |
icmp-code
} [dscp
source-port/port-
} {any |
destination-port/port-range
] [disable-port]
source-port/port-
} {any |
destination-port/port-range
] [disable-port]
4
destination-
} {any |
number
|
} [dscp
} [dscp
71