Cisco Wide Area Application Services Command Reference
OL-21611-01
Chapter 3 CLI Commands
(config-ext-nacl) deny
To add a line to an extended access list that specifies the type of packets that you want the WAAS device
to drop, use the deny extended ACL configuration command. The options available for a condition
depend on the chosen protocol.
For IP, use the following syntax to add a condition:
[insert line-num] deny {gre | icmp | tcp | udp | ip | proto-num}
    {source-ip [wildcard] | host source-ip | any}
    {dest-ip [wildcard] | host dest-ip | any}
no deny {gre | icmp | tcp | udp | ip | proto-num}
    {source-ip [wildcard] | host source-ip | any}
    {dest-ip [wildcard] | host dest-ip | any}
For TCP, use the following syntax to add a condition:
[insert line-num] deny tcp
    {source-ip [wildcard] | host source-ip | any} [operator port [port]]
    {dest-ip [wildcard] | host dest-ip | any} [operator port [port]] [established]
no deny tcp
    {source-ip [wildcard] | host source-ip | any} [operator port [port]]
    {dest-ip [wildcard] | host dest-ip | any} [operator port [port]] [established]
For UDP, use the following syntax to add a condition:
[insert line-num] deny udp
    {source-ip [wildcard] | host source-ip | any} [operator port [port]]
    {dest-ip [wildcard] | host dest-ip | any} [operator port [port]]
no deny udp
    {source-ip [wildcard] | host source-ip | any} [operator port [port]]
    {dest-ip [wildcard] | host dest-ip | any} [operator port [port]]
For ICMP, use the following syntax to add a condition:
[insert line-num] deny icmp
    {source-ip [wildcard] | host source-ip | any}
    {dest-ip [wildcard] | host dest-ip | any} [icmp-type [code] | icmp-msg]
no deny icmp
    {source-ip [wildcard] | host source-ip | any}
    {dest-ip [wildcard] | host dest-ip | any} [icmp-type [code] | icmp-msg]
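An added example, not part of the Cisco reference: a Python check that a candidate line fits one of the deny forms summarized above, for linting ACL changes before they are applied. The operator keywords (lt, gt, eq, neq, range), the numeric-only ports and the unchecked icmp-msg names are assumptions, since this section does not define them.

```python
import ipaddress

PROTOCOLS = {"gre", "icmp", "tcp", "udp", "ip"}
OPERATORS = {"lt": 1, "gt": 1, "eq": 1, "neq": 1, "range": 2}  # assumed keywords -> port count
# Constructed sample lines (documentation addresses); the second is invalid: established is TCP-only.
SAMPLES = ["deny tcp any host 192.0.2.10 eq 23", "deny udp any eq 53 any established"]

def _is_ip(tokens):
    try:
        return bool(tokens) and ipaddress.IPv4Address(tokens[0]) is not None
    except ValueError:
        return False

def _addr(t, i):
    """Yield each index where {ip [wildcard] | host ip | any} can end."""
    if t[i:i + 1] == ["any"]:
        yield i + 1
    elif t[i:i + 1] == ["host"] and _is_ip(t[i + 1:]):
        yield i + 2
    elif _is_ip(t[i:]):
        yield i + 1                      # address alone
        if _is_ip(t[i + 1:]):
            yield i + 2                  # address followed by a wildcard

def _port(t, i, proto):
    """Yield each index where the optional [operator port [port]] can end."""
    yield i                              # clause omitted
    n = OPERATORS.get(t[i], 0) if i < len(t) and proto in ("tcp", "udp") else 0
    ports = t[i + 1:i + 1 + n]           # numeric ports only (simplification)
    if n and len(ports) == n and all(p.isdecimal() and int(p) <= 65535 for p in ports):
        yield i + 1 + n

def _tail_ok(rest, proto):
    if proto == "icmp" and rest:         # numeric icmp-type [code], or one icmp-msg keyword (name unchecked)
        numeric = all(x.isdecimal() and int(x) <= 255 for x in rest)
        return (numeric and len(rest) <= 2) or (len(rest) == 1 and not rest[0].isdecimal())
    return not rest or (proto == "tcp" and rest == ["established"])

def valid_deny(line):
    """True if `line` fits one of the deny forms in the syntax summary."""
    t = line.split()
    if t[:1] == ["insert"] and t[1:2] and t[1].isdecimal():
        t = t[2:]                        # [insert line-num]
    elif t[:1] == ["no"]:
        t = t[1:]                        # removal form: no deny ...
    proto = t[1] if t[:1] == ["deny"] and len(t) > 1 else ""
    known = proto in PROTOCOLS or (proto.isdecimal() and int(proto) <= 255)
    return known and any(_tail_ok(t[d:], proto)
                         for a in _addr(t, 2) for b in _port(t, a, proto)
                         for c in _addr(t, b) for d in _port(t, c, proto))
```

Because [wildcard] is optional, a dotted-quad after source-ip may be either the wildcard or dest-ip; the check tries both readings rather than consuming greedily.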
Syntax Description

insert line-num   (Optional) Specifies to insert the conditions following the specified line number into the access list.
gre               Specifies to match packets using the Generic Routing Encapsulation protocol.
icmp              Specifies to match ICMP packets.
tcp               Specifies to match packets using the TCP protocol.
udp               Specifies to match packets using the UDP protocol.
ip                Specifies to match all IP packets.
proto-num         IP protocol number.
source-ip         Source IP address. The number of the network or host from which the packet is being sent, specified as a 32-bit quantity in 4-part dotted-decimal format (for example, 0.0.0.0).