Deny ( Ipv6 ) - Cisco 300 Series Cli Manual

ACL Commands
78-21075-01 Command Line Interface Reference Guide
User Guidelines
If a range of ports is used for source port in an ACE, it is not counted again, if it is
also used for a source port in another ACE. If a range of ports is used for the
destination port in an ACE, it is not counted again if it is also used for destination
port in another ACE.
The number of TCP/UDP ranges that can be defined in ACLs is limited. If a range of
ports is used for a source port in ACE, it is not counted again if it is also used for a
source port in another ACE. If a range of ports is used for destination port in ACE it
is not counted again if it is also used for destination port in another ACE.
If a range of ports is used for source port it is counted again if it is also used for
destination port.
Example
This example defines an ACL by the name of server and enters a rule (ACE) for tcp
packets.
switchxxxxxx(config)# ipv6 access-list server
switchxxxxxx(config-ipv6-al)# permit tcp 3001::2/64 any any 80
48.6

deny ( IPv6 )

Use the deny command in IPv6 Access List Configuration mode to set permit
conditions (ACEs) for IPv6 ACLs.
Syntax
protocol {any | {source-prefix/length}{any | destination- prefix/length} [dscp
deny
number | precedence number][time-range time-range-name] [disable-port |
log-input]
icmp {any | {source-prefix/length}{any | destination- prefix/length}
deny
{any| i cmp-type} {any| i cmp-code} [dscp number | precedence number][time-range
time-range-name] [disable-port | log-input]
tcp {any | {source-prefix/length} {any | source-port/port-range}}{any |
deny
destination- prefix/length} {any| destination-port/port-range} [dscp number |
precedence number] [match-all list-of-flags][time-range time-range-name]
[disable-port | log-input]
udp {any | {source-prefix/length}} {any | source-port/port-range}}{any |
deny
destination- prefix/length} {any| destination-port/port-range} [dscp number |
precedence number] [time-range time-range-name] [disable-port | log-input]
<
48
779