Quick Reference Guide

ManualsBrandsDell ManualsserversDell PowerConnect 3524

101

102

103

104

105

106

107

108

109

110

106 ACL Commands

www.dell.com | support.dell.com

DELL CONFIDENTIAL – PRELIMINARY 5/15/12 – FOR PROOF ONLY

deny (IP)

The deny IP-Access List Configuration mode command denies traffic if the conditions defined in

the deny statement match.

Syntax

•

deny

[

disable-port

] {

any

protocol

} {

any

source source-wildcard

}} {

any

destination

destination-wildcard

}} [

dscp

number

ip-precedence

number

]

•

deny-icmp

[

disable-port

] {

any

source source-wildcard

}} {

any

destination destination-

wildcard

}} {

any

icmp-type

} {

any

icmp-code

} [

dscp

number

ip-precedence

number

]

•

deny-igmp

[

disable-port

] {

any

source source-wildcard

}} {

any

destination destination-

wildcard

}} {

any

igmp-type

} [

dscp

number

ip-precedence

number

]

•

deny-tcp

[

disable-port

] {

any

source source-wildcard

}} {

any

source-port

} {

any

destination

destination-wildcard

}} {

any

destination-port

} [

dscp

number

ip-precedence number

] [

flags

list-of-flags

] [

src-port-wildcard

source-port-wildcard

] [

dst-port-wildcard

source-port-

wildcard

]

•

deny-udp

[

disable-port

] {

any

source source-wildcard

}} {

any

source-port

}

{

any

destination destination-wildcard

}} {

any

destination-port

} [

dscp

number

ip-precedence

number

] [

src-port-wildcard

source-port-wildcard

] [

dst-port-wildcard

source-port-wildcard

]

•

disable-port

— Specifies that the Ethernet interface is disabled if the condition is matched.

•

source

— Specifies the Source IP address of the packet.

•

source-wildcard

— Specifies wildcard bits to be applied to the source IP address by placing

1s in bit positions to be ignored.

•

destination

— Specifies the destination IP address of the packet.

•

destination- wildcard

— Specifies wildcard bits to be applied to the destination IP address

by placing 1s in bit positions to be ignored.

•

protocol

— Specifies the name or the number of an IP protocol. Available protocol names:

icmp, igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf,

ipip, pim, l2tp, isis

. (Range: 0 - 255)

•

dscp

number

— Specifies the DSCP value.

•

ip-precedence

number

— Specifies the IP precedence value.

•

icmp-type

— Specifies an ICMP message type for filtering ICMP packets. Enter a number or

one of the following values:

echo-reply, destination-unreachable, source-quench,

redirect, alternate-host-address, echo-request, router-advertisement, router-

solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply,

information-request, information-reply, address-mask-request, address-mask-reply,

traceroute, datagram-conversion-error, mobile-host-redirect, mobile-registration-

request, mobile-registration-reply, domain-name-request, domain-name-reply, skip,

photuris