deny (ex3500-std acl)

Creates a deny rule that rejects packets from a specified source or sources. The source can be a single device or a range of devices within a specified network. Use this command to also edit an existing deny rule.

Supported in the following platforms:

  • Wireless Controllers — RFS4000
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


{ex3500-time-range <TIME-RANGE-NAME>}


{ex3500-time-range <TIME-RANGE-NAME>}
deny [<SOURCE-NETWORK-IP/MASK>| any| host <SOURCE-HOST-IP>] Creates a deny rule that rejects packets from a specified source or a network. Use one of the following options to specify the source: any, host, or network.
  • <SOURCE-NETWORK-IP/MASK> – Configures a network as the source. Provide the network‘s IPv4 address along with the mask.
  • host <SOURCE-HOST-IP> – Configures a single device as the source. Provide the host device‘s IPv4 address.
  • any – Specifies that the source can be any device
ex3500-time-range <TIME-RANGE-NAME> Optional. Applies a periodic or absolute time range to this deny rule
  • <TIME-RANGE-NAME> – Specify the time range name (should be existing and configured). The ACL is triggered during the time period configured in the specified EX3500 time range. For information on configuring EX3500 time-range, see ex3500.


nx9500-6C8809(config-ip-ex3500-std-acl-test)#show context
ip ex3500-std-access-list test


Related Commands

no (ex3500-std acl) Removes a specified deny access rule from this IPv4 EX3500 standard ACL