Users Guide

Table Of Contents
icmp (Optional) Enter the ICMP address to deny.
ip (Optional) Enter the IP address to deny.
tcp (Optional) Enter the TCP address to deny.
udp (Optional) Enter the UDP address to deny.
A.B.C.D Enter the IP address in dotted decimal format.
A.B.C.D/x Enter the number of bits to match to the dotted decimal address.
any (Optional) Enter the keyword any to specify any source or destination IP address.
host ip-address (Optional) Enter the keyword and the IP address to use a host address only.
capture (Optional) Capture packets the filter processes.
count (Optional) Count packets the filter processes.
byte (Optional) Count bytes the filter processes.
dscp value (Optional) Deny a packet based on the DSCP values, from 0 to 63.
fragment (Optional) Use ACLs to control packet fragments.
log (Optional) Enables ACL logging. Information about packets that match an ACL rule are logged.
Default Not configured
Command Mode IPV4-ACL
Usage
Information
OS10 cannot count both packets and bytes; when you use the count byte options, only bytes
increment. The no version of this command removes the filter.
Example
OS10(config)# ip access-list testflow
OS10(conf-ipv4-acl)# deny udp any any
Supported
Releases
10.2.0E or later
deny (IPv6)
Configures a filter to drop packets with a specific IPv6 address.
Syntax
deny [protocol-number | icmp | ipv6 | tcp | udp] [A::B | A::B/x | any |
host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture |
count | dscp value | fragment | log]
Parameters
protocol-number (Optional) Enter the protocol number identified in the IP header, from 0 to
255.
icmp (Optional) Enter the ICMP address to deny.
ipv6 (Optional) Enter the IPv6 address to deny.
tcp (Optional) Enter the TCP address to deny.
udp (Optional) Enter the UDP address to deny.
A::B Enter the IPv6 address in dotted decimal format.
A::B/x Enter the number of bits to match to the IPv6 address.
any (Optional) Enter the keyword any to specify any source or destination IP address.
host ipv6-address (Optional) Enter the keyword and the IPv6 address to use a host address
only.
capture (Optional) Capture packets the filter processes.
count (Optional) Count packets the filter processes.
byte (Optional) Count bytes the filter processes.
dscp value (Optional) Deny a packet based on the DSCP values, from 0 to 63.
fragment (Optional) Use ACLs to control packet fragments.
log (Optional) Enables ACL logging. Information about packets that match an ACL rule are logged.
Default Not configured
Command Mode IPV6-ACL
1256 Access Control Lists