Hitachi GX1000-SMC013X Instruction Manual page 121

deny (advance access-list)
Specifies the conditions by which the Advance filter denies access.
Input format
To set or change information:
[<sequence>] deny mac {filter-condition}[action-specification]
[<sequence>] deny mac-ip {filter-condition}[action-specification]
[<sequence>] deny mac-ipv6 {filter-condition}[action-specification]

filter-condition

For mac {filter-condition}:
This filter condition is used to perform flow detection based on MAC header
conditions.
mac {<source mac> <source mac mask> | host <source mac> | any}
    {<destination mac> <destination mac mask> | host <destination mac> | any
     | bpdu | cdp | lacp | lldp | oadp | pvst-plus-bpdu | slow-protocol}
    [<ethernet type>][vlan {<vlan id> | <vlan id list name>}] [user-priority <priority>]
    [{ctag-untagged | [ctag-user-priority <priority>] [ctag-vlan <vlan id>]}]

For mac-ip {filter-condition}:
This filter condition is used to perform flow detection based on MAC header
conditions, IPv4 header conditions, or Layer 4 header conditions.

- When "packet is not fragmented" is a condition, and the upper-layer
  protocol is other than TCP, UDP, ICMP, and IGMP
mac-ip {<source mac> <source mac mask> | host <source mac> | any}
    {<destination mac> <destination mac mask> | host <destination mac> | any
     | bpdu | cdp | lacp | lldp | oadp | pvst-plus-bpdu | slow-protocol}
    {ip | <protocol>}
    {{<source ipv4> | own-address} <source ipv4 wildcard>
     | host {<source ipv4> | own-address} | any | own
     | range-address <source ipv4 start> <source ipv4 end>}
    {{<destination ipv4> | own-address} <destination ipv4 wildcard>
     | host {<destination ipv4> | own-address} | any | own
     | range-address <destination ipv4 start> <destination ipv4 end>}
    [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}]
    [vlan {<vlan id> | <vlan id list name>}] [user-priority <priority>]
    [{ctag-untagged | [ctag-user-priority <priority>] [ctag-vlan <vlan id>]}]

- When "packet is not fragmented" is a condition, and the upper-layer
  protocol is TCP
mac-ip {<source mac> <source mac mask> | host <source mac> | any}
    {<destination mac> <destination mac mask> | host <destination mac> | any
     | bpdu | cdp | lacp | lldp | oadp | pvst-plus-bpdu | slow-protocol}
    tcp
    {{<source ipv4> | own-address} <source ipv4 wildcard>
     | host {<source ipv4> | own-address} | any | own
     | range-address <source ipv4 start> <source ipv4 end>}
    [{{eq | neq} <source port> | range <source port start> <source port end>}]
    {{<destination ipv4> | own-address} <destination ipv4 wildcard>
     | host {<destination ipv4> | own-address} | any | own
     | range-address <destination ipv4 start> <destination ipv4 end>}
    [{{eq | neq} <destination port> | range <destination port start> <destination port end>}]
    [{[established] | [{ack | +ack | -ack}] [{fin | +fin | -fin}] [{psh | +psh | -psh}]
      [{rst | +rst | -rst}] [{syn | +syn | -syn}] [{urg | +urg | -urg}]}]
    [{[tos