3com 3CRUS2475 Manuale Utente
deny (IP)
45
Example
The following example shows how to define a permit statement for an IP
ACL.
ACL.
deny (IP)
The deny IP-Access List Configuration mode command denies traffic if
the conditions defined in the deny statement match.
the conditions defined in the deny statement match.
Syntax
deny [disable-port] {any | protocol} {any | {source source-wildcard}}
{any | {destination destination-wildcard}} [dscp dscp number |
ip-precedence ip-precedence]
{any | {destination destination-wildcard}} [dscp dscp number |
ip-precedence ip-precedence]
deny-icmp
deny-igmp
deny-tcp
deny-udp
Parameters
■
disable-port — Specifies that the port is disabled.
■
source — Specifies the IP address or host name from which the packet
was sent. Specify any to indicate IP address 0.0.0.0 and mask
255.255.255.255.
was sent. Specify any to indicate IP address 0.0.0.0 and mask
255.255.255.255.
■
source-wildcard — (Optional for the first type) Specifies wildcard bits
by placing 1s in bit positions to be ignored. Specify any to indicate IP
address 0.0.0.0 and mask 255.255.255.255.
by placing 1s in bit positions to be ignored. Specify any to indicate IP
address 0.0.0.0 and mask 255.255.255.255.
■
destination — Specifies the IP address or host name to which the
packet is being sent. Specify any to indicate IP address 0.0.0.0 and
mask 255.255.255.255.
packet is being sent. Specify any to indicate IP address 0.0.0.0 and
mask 255.255.255.255.
■
destination-wildcard — (Optional for the first type) Specifies wildcard
bits by placing 1s in bit positions to be ignored. Specify any to
indicate IP address 0.0.0.0 and mask 255.255.255.255.
bits by placing 1s in bit positions to be ignored. Specify any to
indicate IP address 0.0.0.0 and mask 255.255.255.255.
■
protocol — Specifies the abbreviated name or number of an IP
protocol. The following table lists protocols that can be specified:
protocol. The following table lists protocols that can be specified:
Console(config)# ip access-list ip-acl1
Console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp56