Deny (Ip) - Cisco 220 Series Smart Plus Reference Manual

ACL Commands

deny (IP)

deny (IP)
Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1.0.0.x
• disable-port—(Optional) Disables the Ethernet interface if the condition is
matched.
Default Configuration
No MAC-based ACE is defined.
Command Mode
MAC Access-List Configuration mode
User Guidelines
After an ACE is added to an ACL, an implicit deny any any condition exists at the
end of the list. That is, if there are no matches, the packets are denied. However,
before the first ACE is added, the list permits all packets.
Example
switchxxxxxx(config)# mac access-list extended server1
switchxxxxxx(config-mac-acl)# deny 00:00:00:00:00:01 00:00:00:00:00:ff any
To set deny conditions for an IPv4-based ACL, use the deny IP Access-List
Configuration mode command.
To remove an IPv4-based ACE, use the no sequence command.
Syntax
value
[sequence ] deny
destination-wildcard
value
[sequence ] deny
destination-wildcard
number
precedence ] [disable-port]
value
[sequence ] deny
range destination destination-wildcard
} }{any |
number
[dscp | precedence
protocol source source-wildcard
{any |
} [dscp number | precedence
icmp source source-wildcard
{any |
icmp-type
} [any | ] [any |
tcp source source-wildcard
{any | {
number
] [match-all
} {any |
number ] [disable-port]
destination
} {any |
icmp-code number
] [dscp
source-port
} {any |
destination-port
} {any |
list-of-flags
] [disable-port]
4
destination
|
port-
/
port-range
/ }
68