Specifications

deny (ip access-list extended)
Specifies the conditions by which the IPv4 packet filter denies access.
Syntax
To set or change information:
When upper-layer protocols are other than TCP and UDP
[<Seq>] deny {ip | <Protocol> | icmp | igmp}
    {<Src IPv4> <Src IPv4 wildcard> | host <Src IPv4> | any}
    {<Dst IPv4> <Dst IPv4 wildcard> | host <Dst IPv4> | any}
    [{[tos <TOS>] [precedence <Precedence>] | dscp <DSCP>}]
    [vlan <VLAN ID>] [user-priority <Priority>]
When the upper-layer protocol is TCP
[<Seq>] deny tcp
    {<Src IPv4> <Src IPv4 wildcard> | host <Src IPv4> | any} [eq <Src port>]
    {<Dst IPv4> <Dst IPv4 wildcard> | host <Dst IPv4> | any} [eq <Dst port>]
    [ack] [fin] [psh] [rst] [syn] [urg]
    [{[tos <TOS>] [precedence <Precedence>] | dscp <DSCP>}]
    [vlan <VLAN ID>] [user-priority <Priority>]
When the upper-layer protocol is UDP
[<Seq>] deny udp
    {<Src IPv4> <Src IPv4 wildcard> | host <Src IPv4> | any} [eq <Src port>]
    {<Dst IPv4> <Dst IPv4 wildcard> | host <Dst IPv4> | any} [eq <Dst port>]
    [{[tos <TOS>] [precedence <Precedence>] | dscp <DSCP>}]
    [vlan <VLAN ID>] [user-priority <Priority>]
To delete information:
no <Seq>
Input mode
(config-ext-nacl)
Parameters
<Seq>
Specifies the sequence in which filter conditions are applied.
1. Default value when this parameter is omitted:
10 is set as the initial value if there are no conditions in the access list.
If conditions have been set, the initial value is the maximum value for the
application sequence that has been set plus 10.
Note, however, that if the maximum value for the application sequence is
greater than 4294967285, the value cannot be omitted.
2. Range of values:
Specify 1 to 4294967295 in decimal.
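The <Seq> defaulting rule above decides where a new deny condition lands relative to existing ones. The following Python model is an added example, not part of the original manual or the device software: the class name ExtendedAcl, the sample conditions, ascending application order, and replacement of an entry when its <Seq> is reused are all assumptions made for illustration.

```python
# Added illustration: models only the <Seq> rules stated in this section.
SEQ_MIN, SEQ_MAX = 1, 4294967295
STEP = 10


class ExtendedAcl:
    """Hypothetical in-memory model of one extended access list."""

    def __init__(self):
        self.entries = {}  # <Seq> -> condition text

    def next_default_seq(self):
        """Return the <Seq> that is used when the parameter is omitted."""
        if not self.entries:
            return STEP  # no conditions yet: initial value is 10
        highest = max(self.entries)
        if highest > SEQ_MAX - STEP:  # greater than 4294967285
            raise ValueError("<Seq> cannot be omitted; specify it explicitly")
        return highest + STEP

    def add(self, condition, seq=None):
        """Set a condition and return the sequence number it received."""
        if seq is None:
            seq = self.next_default_seq()
        if isinstance(seq, bool) or not isinstance(seq, int):
            raise ValueError("<Seq> must be a decimal integer")
        if not SEQ_MIN <= seq <= SEQ_MAX:
            raise ValueError(f"<Seq> must be {SEQ_MIN} to {SEQ_MAX}")
        self.entries[seq] = condition  # assumption: reusing a <Seq> replaces it
        return seq

    def delete(self, seq):
        """Model of 'no <Seq>'."""
        del self.entries[seq]

    def ordered(self):
        """Conditions in application order (assumed ascending <Seq>)."""
        return [(s, self.entries[s]) for s in sorted(self.entries)]


def demo():
    acl = ExtendedAcl()
    # Constructed sample conditions that follow the syntax in this section.
    acl.add("deny tcp any host 192.0.2.10 eq 23")       # <Seq> omitted
    acl.add("deny udp any any eq 161")                  # <Seq> omitted
    acl.add("deny icmp host 198.51.100.7 any", seq=15)  # placed between them
    return acl.ordered()
```

Leaving the default gap of 10 between entries is what allows a more specific deny to be inserted ahead of a broader condition later without renumbering the list.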
{ip | <Protocol> | icmp | igmp | tcp | udp}
Specifies the upper-layer protocol condition for IPv4 packets.
Note that if all protocols are applicable, specify ip.
1. Default value when this parameter is omitted:
This parameter cannot be omitted.
2. Range of values:
- <Protocol>: