Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipmentEngine 611
481482483484485486487488489490
3-442
Cisco Wide Area Application Services Command Reference
OL-11817-01
Chapter 3 CLI Commands
(config-std-nacl) deny
(config-std-nacl) deny
To add a line to a standard access-list that specifies the type of packets that you want the WAAS device
to drop, use the deny command.
[insert line-num] deny {source-ip [wildcard] | host source-ip | any}
To negate a standard IP ACL, use the following syntax.
no deny {source-ip [wildcard] | host source-ip | any}
Syntax Description
Defaults An access list drops all packets unless you configure at least one permit entry.
Command Modes Standard ACL configuration mode
Device Modes application-accelerator
central-manager
Usage Guidelines To create an entry, use a deny or permit keyword and specify the type of packets that you want the
WAAS device to drop or to accept for further processing. By default, an access list denies everything
because the list is terminated by an implicit deny any entry. Therefore, you must include at least one
permit entry to create a valid access list.
You typically use a standard access list to allow connections from a host with a specific IP address or
from hosts on a specific network. To allow connections from a specific host, use the permit host
source-ip option and replace source-ip with the IP address of the specific host.
insert (Optional) Inserts the conditions following the specified line number into
the access list.
line-num Entry at a specific line number in the access list.
deny Causes packets that match the specified conditions to be dropped.
source-ip Source IP address. The number of the network or host from which the
packet is being sent, specified as a 32-bit quantity in 4-part dotted-decimal
format (for example, 0.0.0.0).
wildcard (Optional) Portions of the preceding IP address to match, expressed using
4-digit, dotted-decimal notation. Bits to match are identified by a digital
value of 0; bits to ignore are identified by a 1.
Note For standard IP ACLs, the wildcard parameter of the ip access-list
command is always optional. If the host keyword is specified for a
standard IP ACL, then the wildcard parameter is not allowed.
host Matches the following IP address.
any Matches any IP address.