Deny - Brocade Communications Systems RFS4000 Cli Reference Manual

deny

Standard ACL config commands
Specifies packets to reject
Supported in the following platforms:
•
•
•
Syntax
Parameters
[<source-IP/Mask>|any|ho
st <IP>] {log}
{rule-precedence
<1-5000>}
Usage Guidelines
Use this command to deny traffic based on the source IP address or network address. The last ACE
in the access list is an implicit deny statement.
Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.
It is allowed/denied based on the ACL configuration.
NOTE
The log option is functional only for router ACL's. The log option results in an informational logging
message for the packet matching the entry sent to the console.
Example - denying traffic to the interface
The example below denies all traffic entering the interface (a log message is generated whenever
the interface receives a packet):
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
Mobility RFS4000 Controller
Mobility RFS6000 Controller
Mobility RFS7000 Controller
deny [<source-IP/Mask>|any|host <IP>] {log} {rule-precedence
<1-5000>}
Use with a deny command to reject packets
•
•
•
•
•
RFController(config-std-nacl)#deny any log rule-precedence 50
RFController(config-std-nacl)#
Standard ACL config commands
<source-IP/Mask>|any|host <IP> – The keyword
<source-IP> is the source IP address of the network or host
in dotted decimal format. The <Mask> is the network mask.
For example, 10.1.1.10/24 indicates the first 24 bits of the
source IP is used for matching.
any – any is an abbreviation for a source IP of 0.0.0.0 and
source-mask bits equal to 0
host – host is an abbreviation for the exact source <IP>
(A.B.C.D format) and source-mask bits equal to 32
log – Generates log messages when the packet coming from
the interface matches an ACL entry. Log messages are
generated only for router ACLs.
rule-precedence <1-5000> – Defines an integer value
between 1-5000. This value sets the rule precedence in the
ACL..
15
473