deny (ex3500-std acl)
Creates a deny rule that rejects packets from a specified source or sources. The source can be a single device or a range of devices within a specified network. This command can also be used to edit an existing deny rule.
Supported in the following platforms:
- Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000
Syntax
deny [<SOURCE-NETWORK-IP/MASK>|any|host <SOURCE-HOST-IP>] {ex3500-time-range <TIME-RANGE-NAME>}
Parameters
deny [<SOURCE-NETWORK-IP/MASK>|any|host <SOURCE-HOST-IP>] {ex3500-time-range <TIME-RANGE-NAME>}

deny [<SOURCE-NETWORK-IP/MASK>|any|host <SOURCE-HOST-IP>]
Creates a deny rule that rejects packets from a specified source or a network. Use one of the following options to specify the source: any, host, or network.
- <SOURCE-NETWORK-IP/MASK> – Configures a network as the source. Provide the network's IPv4 address along with the mask.
- host <SOURCE-HOST-IP> – Configures a single device as the source. Provide the host device's IPv4 address.
- any – Specifies that the source can be any device.

ex3500-time-range <TIME-RANGE-NAME>
Optional. Applies a periodic or absolute time range to this deny rule.
- <TIME-RANGE-NAME> – Specify the time range name (it should already exist and be configured). The ACL is triggered during the time period configured in the specified EX3500 time range. For information on configuring EX3500 time-range, see ex3500.
Examples
nx9500-6C8809(config-ip-ex3500-std-acl-test)#deny 192.168.14.0/24
nx9500-6C8809(config-ip-ex3500-std-acl-test)#show context
ip ex3500-std-access-list test
deny 192.168.13.0/24
nx9500-6C8809(config-ip-ex3500-std-acl-test)#
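
The following Python sketch is an added example, not part of the product documentation or the device software. It parses deny rules written in the syntax shown above, reports which source addresses a rule covers, and flags rules worth reviewing before they are applied. The function names, the regular expression and the sample addresses are this example's own assumptions; the time range is only reported, not evaluated.

```python
import ipaddress
import re

# Grammar follows the Syntax line on this page; the regex is this example's own.
RULE_RE = re.compile(
    r"^deny\s+(?:(?P<any>any)|host\s+(?P<host>\S+)|(?P<net>\S+/\S+))"
    r"(?:\s+ex3500-time-range\s+(?P<time_range>\S+))?$"
)

def parse_deny(line):
    """Parse one 'deny' line into (source_network, time_range_name).

    Raises ValueError when the line does not fit the documented syntax
    or the address/mask is not valid IPv4.
    """
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a valid deny rule: {line!r}")
    if m["any"]:
        source = ipaddress.IPv4Network("0.0.0.0/0")
    elif m["host"]:
        source = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(m['host'])}/32")
    else:
        # strict=False normalises e.g. 192.168.14.7/24 to 192.168.14.0/24.
        source = ipaddress.IPv4Network(m["net"], strict=False)
    return source, m["time_range"]

def rule_matches(line, src_ip):
    """True if a packet from src_ip falls inside the rule's source (time range ignored)."""
    source, _ = parse_deny(line)
    return ipaddress.IPv4Address(src_ip) in source

def review(lines):
    """Return (line, note) pairs for rules that deserve a second look."""
    findings = []
    for line in lines:
        try:
            source, time_range = parse_deny(line)
        except ValueError as exc:
            findings.append((line, str(exc)))
            continue
        if source.prefixlen == 0:
            findings.append((line, "matches every source address"))
        if time_range:
            findings.append((line, f"only active during time range {time_range!r}"))
    return findings
```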