Deny (Ipv4) - Cisco Nexus 7000 Series Command Reference Manual

D Commands

deny (IPv4)

deny (IPv4)
To create an IPv4 ACL rule that denies traffic matching its conditions, use the deny command. To remove a
rule, use the no form of this command.
General Syntax
[ sequence-number ] deny protocol source destination [dscp dscp| precedence precedence] [fragments] [log]
[time-range time-range-name] [packet-length operator packet-length [ packet-length ]]
no deny protocol source destination [dscp dscp| precedence precedence] [fragments] [log] [time-range
time-range-name] [packet-length operator packet-length [ packet-length ]]
no sequence-number
Internet Control Message Protocol
[ sequence-number ] deny icmp source destination [icmp-message| icmp-type [ icmp-code ]] [dscp dscp|
precedence precedence] [fragments] [log] [time-range time-range-name] [packet-length operator
packet-length [ packet-length ]]
Internet Group Management Protocol
[ sequence-number ] deny igmp source destination [ igmp-message ] [dscp dscp| precedence precedence]
[fragments] [log] [time-range time-range-name] [packet-length operator packet-length [ packet-length ]]
Internet Protocol v4
[ sequence-number ] deny ip source destination [dscp dscp| precedence precedence] [fragments] [log]
[time-range time-range-name] [packet-length operator packet-length [ packet-length ]]
Transmission Control Protocol
[ sequence-number ] deny tcp source [operator port [ port ]| portgroup portgroup] destination [operator
port [ port ]| portgroup portgroup] [dscp dscp| precedence precedence] [fragments] [log] [time-range
time-range-name] [ flags ] [established] [packet-length operator packet-length [ packet-length ]]
User Datagram Protocol
[ sequence-number ] deny udp source [operator port [ port ]| portgroup portgroup] destination [operator
port [ port ]| portgroup portgroup] [dscp dscp| precedence precedence] [fragments] [log] [time-range
time-range-name] [packet-length operator packet-length [ packet-length ]]
Cisco Nexus 7000 Series Security Command Reference
228