Specifications
ip-policy deny
296 SSR Command Line Interface Reference Manual
ip-policy deny
Purpose
Specifies which packets cannot be subject to policy-based routing.
Format
ip-policy <name> deny acl <aclname>|everything-else [sequence <num>]
Mode
Configure
Description
The ip-policy deny command allows you to specifically prevent packets matching a
profile from being forwarded with an IP policy. These packets are routed using dynamic
routes instead.
Note:
Since there is an implicit deny rule at the end of all IP policies, all packets that do
not match any policy are forwarded using dynamic routes.
Parameters
<name>
Is the name of an IP policy.
acl <aclname>
Is the name of the ACL profile of the packets to be excluded from IP policy-based
forwarding. Profiles are defined with the acl command. The ACL may contain either
permit or deny keywords. The ip-policy deny command only looks at the following
ACL rule parameter values: protocol, source IP address, destination IP address,
source port, destination port, and TOS.
everything-else
Keyword that specifies an action to be performed for packets that do not match any of
the previously-defined ACLs. Specifies that packets that are not specifically
permitted to use policy-based routing are forwarded using dynamic routes.
sequence <num>
If an IP policy is composed of more than one ip-policy statement, specifies the order