deny (ip-prefix-list)

Creates and configures a deny prefix-list rule. The deny rule specifies match criteria based on which prefixes received from (or transmitted to) a BGP neighbor are filtered. A deny action is applied on these filtered prefixes. For example, in the BGP router neighbor context a filter is applied using a IP prefix list. The list contains a deny rule with a prefix to match as All prefixes received from the neighbor matching this prefix are denied.

Supported in the following platforms:

  • Wireless Controllers — RFS 4000

  • Service Platforms — NX 95XX, NX 96XX


deny prefix-list <1-4292967294> [<PREFIX-TO-MATCH/MASK>|any]
deny prefix-list <1-4292967294> [<PREFIX-TO-MATCH/MASK> {ge <0-32>|le <0-32>}|any]


deny prefix-list <1-4292967294> [<PREFIX-TO-MATCH/MASK> {ge <0-32>|le <0-32>}|any]
deny prefix-list <1-4294967295> [<PREFIX-TO-MATCH/MASK>|any] Creates and configures a deny prefix-list rule
  • <1-4294967295> – Configures a sequence number for this deny rule. Specify a value from 1 - 4294967295. Within a prefix list, rules are applied in an ascending order of their sequence number. Rules with lower sequence number are applied first.
    • <PREFIX-TO-MATCH/MASK> – Specify the prefix to match. For example or Routes matching the specified prefix are filtered.
      • ge <0-32> – Optional. Specifies a greater than or equal to value for the IP prefix length (subnet mask)
      • le <0-32> – Optional. Specifies a less than or equal to value for the IP prefix length
      The ‘ge‘ and ‘le‘ options specify a IP prefix length range. Use these options to specify a more specific (granular) prefix match criteria.
      • any – Sets the prefix match criteria to any. When selected, all routes are filtered, and the action applied is deny. At the backend, this option sets the match criteria to le 32.


nx9500-6C8809(config-bgp-ip-prefix-list-test)#deny prefix-list 1
nx9500-6C8809(config-bgp-ip-prefix-list-test)#show context
bgp ip-prefix-list test
 deny prefix-list 1

Related Commands

no (ip-prefix-list) Removes a deny, ip-prefix-list rule from this IP prefix list