no (ex3500-ext acl)

Removes a deny or permit access rule from this IPv4 EX3500 extended ACL

Supported in the following platforms:

  • Wireless Controllers — RFS4000
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

no [deny|permit] [<0-255>|tcp|udp] [<SOURCE-NETWORK-IP/MASK>|any|host <SOURCE-HOST-IP>] 
[<DEST-NETWORK-IP/MASK>|any|host <DEST-HOST-IP>] [control-flag <0-63>|destination-port <0-65535>|
destination-port-bitmark <0-65535>|dscp <0-63>|ex3500-time-range <TIME-RANGE-NAME>|
ip-precedence <0-63>|rule-precedence <1-128>|source-port <0-65535>|source-port-bitmark <0-65535>]

Parameters

no <PARAMETERS>
no <PARAMETERS> Removes a deny or permit access rule based on the parameters passed

Usage Guidelines

The keyword ‘control-flag <0-63>‘ is only applicable to ACL rules filtering TCP traffic.

Examples

The following example shows the IPv4 EX3500 extended ACL ‘test‘ settings before the ‘no‘ commands are executed:

nx9500-6C8809(config-ip-ex3500-ext-acl-test)#show context
ip ex3500-ext-access-list test
 deny tcp 192.168.14.0/24 host 192.168.13.13 rule-precedence 1
 permit tcp 192.168.14.0/24 any control-flag 16 rule-precedence 2
nx9500-6C8809(config-ip-ex3500-ext-acl-test)#  
nx9500-6C8809(config-ip-ex3500-ext-acl-test)#no permit tcp 192.168.14.0/24 any control-flag 16 rule-precedence 2

The following example shows the IPv4 EX3500 extended ACL ‘test‘ settings after the ‘no‘ commands are executed:

nx9500-6C8809(config-ip-ex3500-ext-acl-test)#show context
ip ex3500-ext-access-list test
 deny tcp 192.168.14.0/24 host 192.168.13.13 rule-precedence 1
nx9500-6C8809(config-ip-ex3500-ext-acl-test)#