deny (ip-prefix-list)

Creates and configures a deny prefix-list rule. The deny rule specifies match criteria based on which prefixes received from (or transmitted to) a BGP neighbor are filtered. A deny action is applied on these filtered prefixes. For example, in the BGP router neighbor context a filter is applied using a IP prefix list. The list contains a deny rule with a prefix to match as 192.168.13.0/24. All prefixes received from the neighbor matching this prefix are denied.

Supported in the following platforms:

  • Wireless Controllers — RFS 4000

  • Service Platforms — NX 95XX, NX 96XX

Syntax

deny prefix-list <1-4292967294> [<PREFIX-TO-MATCH/MASK>|any]
deny prefix-list <1-4292967294> [<PREFIX-TO-MATCH/MASK> {ge <0-32>|le <0-32>}|any]

Parameters

deny prefix-list <1-4292967294> [<PREFIX-TO-MATCH/MASK> {ge <0-32>|le <0-32>}|any]
deny prefix-list <1-4294967295> [<PREFIX-TO-MATCH/MASK>|any] Creates and configures a deny prefix-list rule
  • <1-4294967295> – Configures a sequence number for this deny rule. Specify a value from 1 - 4294967295. Within a prefix list, rules are applied in an ascending order of their sequence number. Rules with lower sequence number are applied first.
    • <PREFIX-TO-MATCH/MASK> – Specify the prefix to match. For example 10.0.0.0/8 or 192.168.13.0/24. Routes matching the specified prefix are filtered.
      • ge <0-32> – Optional. Specifies a greater than or equal to value for the IP prefix length (subnet mask)
      • le <0-32> – Optional. Specifies a less than or equal to value for the IP prefix length
      The ‘ge‘ and ‘le‘ options specify a IP prefix length range. Use these options to specify a more specific (granular) prefix match criteria.
      • any – Sets the prefix match criteria to any. When selected, all routes are filtered, and the action applied is deny. At the backend, this option sets the match criteria to 0.0.0.0/0 le 32.

Examples

nx9500-6C8809(config-bgp-ip-prefix-list-test)#deny prefix-list 1 168.192.13.0/24
nx9500-6C8809(config-bgp-ip-prefix-list-test)#show context
bgp ip-prefix-list test
 deny prefix-list 1 168.192.13.0/24
nx9500-6C8809(config-bgp-ip-prefix-list-test)#

Related Commands

no (ip-prefix-list) Removes a deny, ip-prefix-list rule from this IP prefix list