Reference Guide
Network Security 241
deny protocol {any |source source-
wildcard} {any |destination destination-
wildcard} [dscp number | precedence number]
[time-range time-range-name]
deny icmp {any | source source-wildcard}
{any |destination destination-wildcard}
[any | icmp-type] [any | icmp-code] [dscp
number | precedence number] [time-range
time-range-name]
deny igmp {any | source source-wildcard}
{any | destination destination-wildcard}
[igmp-type] [dscp number | precedence
number] [time-range time-range-name]
deny tcp {any | source source-wildcard}
{any | source-port | port-range} {any |
destination destination-wildcard} {any |
destination-port/port-range} [dscp number
| precedence number] [match-a
ll list-of-
flags
] [time-range time-range-name]
deny udp {any | source source-wildcard}
{any | source-port | port-range} {any |
destination destination-wildcard} {any |
destination-port | port-range} [dscp
number | precedence number] [time-range
time-range-name]
Sets deny conditions
for IPv4 access list (in
access list
configuration mode).
Each form of this
command is relevant
to a specific protocol
(icmp, igmp, tcp,
udp)
Table 9-5. IP-Based ACE CLI Commands
(continued)
CLI Command Description