16-4
Motorola RF Switch CLI Reference Guide
16.1.2 deny
Standard ACL Config Commands
Specifies packets to reject
Supported in the following platforms:
• RFS7000
• RFS6000
• RFS4000
Syntax
deny [<source-IP/Mask>|any|host <IP>] {log} {rule-precedence
<1-5000>}
Parameters
[<source-IP/
Mask>|any|host <IP>]
{log} {rule-precedence
<1-5000>}
Usage Guidelines
Use this command to deny traffic based on the source IP address or network address. The
last ACE in the access list is an implicit deny statement.
Use with a deny command to reject packets
• <source-IP/Mask>|any|host <IP> – The keyword <source-
IP> is the source IP address of the network or host in
dotted decimal format. The <Mask> is the network mask.
For example, 10.1.1.10/24 indicates the first 24 bits of the
source IP is used for matching
• any – any is an abbreviation for a source IP of 0.0.0.0 and
source-mask bits equal to 0
• host – host is an abbreviation for the exact source <IP>
(A.B.C.D format) and source-mask bits equal to 32
• log – Generates log messages when the packet coming
from the interface matches an ACL entry. Log messages
are generated only for router ACLs
• rule-precedence <1-5000> – Defines an integer value
between 1-5000. This value sets the rule precedence in
the ACL