Deny IP

To set conditions for a named IP access list, use the deny access-list configuration command. To remove a deny condition from an access list, use the no form of this command.

no deny {source [source-wildcard] | any}

deny protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [fragments]

no deny protocol source source-wildcard destination destination-wildcard

ICMP

deny icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log] [fragments]

IGMP

deny igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log] [fragments]

deny tcp source source-wildcard [operatorport [port]] destination destination-wildcard [operator port [port]] [established] [precedence precedence] [tos tos] [log] [fragments]

deny udp source source-wildcard [operator port [port]] destination destination-wildcard [operatorport [port]] [precedence precedence] [tos tos] [log] [fragments]

Syntax Description source Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source:

Use a 32-bit quantity in four-part, dotted-decimal format.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

source-wildcard (Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard:

Use a 32-bit quantity in four-part, dotted-decimal format. Place ones in the bit positions you want to ignore.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

protocol Name or number of an IP protocol. It can be one of the keywords

Was this article helpful?

0 0

Post a comment