Negates a command or sets the default for firewall policy commands
no [acl-logging|alg|clamp|dhcp-offer-convert|dns-snoop|firewall|flow|ip|ip-mac|ipv6|ipv6-mac|logging|proxy-arp|proxy-nd|stateful-packet-inspection-l2|storm-control|virtual-defragmentation]
no [acl-logging|dhcp-offer-convert|proxy-arp|proxy-nd|stateful-packet-inspection-l2]
no alg [dns|facetime|ftp|sccp|sip|tftp]
no clamp tcp-mss
no dns-snoop entry-timeout
no firewall enable
no flow dhcp stateful
no flow timeout [icmp|other|udp]
no flow timeout tcp [closed-wait|established|reset|setup|stateless-fin-or-reset|stateless-general]
no ip dos {ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce|invalid-protocol|ip-ttl-zero|ipsproof|land|option-route|router-advt|router-solicit|smurf|snork|tcp-bad-sequence|tcp-fin-scan|tcp-intercept|tcp-null-scan|tcp-post-syn|tcp-sequence-past-window|tcp-xmas-scan|tcphdrfrag|twinge|udp-short-hdr|winnuke}
no ip tcp [adjust-mss|optimize-unnecessary-resends|recreate-flow-on-out-of-state-syn|validate-icmp-unreachable|validate-rst-ack-number|validate-rst-seq-number]
no ip-mac conflict
no ip-mac routing conflict
no ipv6 [dos|duplicate-options|firewall|option|rewrite-flow-label|routing-type|strict-ext-hdr-check|unknown-options]
no ipv6 dos {hop-limit-zero|multicast-icmpv6|tcp-intercept-mobility}
no ipv6 [duplicate-options|routing-type [one|two]|strict-ext-hdr-check|unknown-options]
no ipv6 option {endpoint-identification|network-service-access-point|router-alert|strict-hao-opt-alert|strict-padding}
no ipv6 [firewall enable|rewrite-flow-label]
no logging [icmp-all|icmp-packet-drop|verbose|malformed-packet-drop]
no storm-control [arp|broadcast|multicast|unicast] {fe <1-4>|ge <1-8>|log|port-channel <1-8>|up1|wlan <WLAN-NAME>}
no virtual-defragmentation {maximum-fragments-per-datagram|minimum-first-fragment-length|maximum-defragmentation-per-host|timeout}
no <PARAMETERS>
no <PARAMETERS> | Removes this firewall policy's settings or reverts the settings to their default values.
The following example shows the firewall policy 'test' settings before the 'no' commands are executed:
nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 ip dos fraggle drop-only
 ip dos tcp-sequence-past-window drop-only
 ip dos tcp-max-incomplete high 600
 ip dos tcp-max-incomplete low 60
 storm-control broadcast level 20000 ge 4
 storm-control arp log warnings
 ip-mac conflict drop-only
 ip-mac routing conflict log-and-drop log-level notifications
 flow timeout icmp 16000
 flow timeout udp 10000
 flow timeout tcp established 1500
 flow timeout other 16000
 dhcp-offer-convert
 ipv6 routing-type two log-and-drop log-level warnings
 ipv6 dos hop-limit-zero drop-only
 alg facetime
 logging icmp-packet-drop rate-limited
 logging malformed-packet-drop all
 logging verbose
 virtual-defragmentation minimum-first-fragment-length 100
 virtual-defragmentation maximum-fragments-per-datagram 10
 dns-snoop entry-timeout 1200
 ipv6-mac routing conflict drop-only
nx9500-6C8809(config-fw-policy-testFW)#
nx9500-6C8809(config-fw-policy-testFW)#no ip dos fraggle
nx9500-6C8809(config-fw-policy-testFW)#no storm-control arp log
nx9500-6C8809(config-fw-policy-testFW)#no dhcp-offer-convert
nx9500-6C8809(config-fw-policy-testFW)#no logging malformed-packet-drop
The following example shows the firewall policy 'test' settings after the 'no' commands are executed:
nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 no ip dos fraggle
 ip dos tcp-sequence-past-window drop-only
 ip dos tcp-max-incomplete high 600
 ip dos tcp-max-incomplete low 60
 storm-control broadcast level 20000 ge 4
 storm-control arp log none
 ip-mac conflict drop-only
 ip-mac routing conflict log-and-drop log-level notifications
 flow timeout icmp 16000
 flow timeout udp 10000
 flow timeout tcp established 1500
 flow timeout other 16000
 ipv6 routing-type two log-and-drop log-level warnings
 ipv6 dos hop-limit-zero drop-only
 alg facetime
 logging icmp-packet-drop rate-limited
 logging verbose
 virtual-defragmentation minimum-first-fragment-length 100
 virtual-defragmentation maximum-fragments-per-datagram 10
 dns-snoop entry-timeout 1200
 ipv6-mac routing conflict drop-only
nx9500-6C8809(config-fw-policy-testFW)#
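The before and after listings show that 'no' leaves three different traces in 'show context': an explicit 'no ...' line, a value reset to its default, or a line that simply disappears. The following added example (not vendor code) classifies each change between two saved listings so a reviewer can confirm which protections were turned off; the listings are abridged from the output above, and the function names and the WATCH list of command families are assumptions made for this example.

```python
# Added example (not vendor code). The two listings are abridged from the
# page's 'show context' output; the prompt and policy header lines are kept.
BEFORE = """\
nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 ip dos fraggle drop-only
 ip dos tcp-sequence-past-window drop-only
 storm-control arp log warnings
 flow timeout icmp 16000
 dhcp-offer-convert
 logging malformed-packet-drop all
 logging verbose
"""
AFTER = """\
nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 no ip dos fraggle
 ip dos tcp-sequence-past-window drop-only
 storm-control arp log none
 flow timeout icmp 16000
 logging verbose
"""
# Assumption: which command families to flag for review is a local choice.
WATCH = ("ip dos", "ipv6 dos", "logging", "storm-control")

def settings(listing):
    """Setting lines only: skip blanks, CLI prompts and the policy header."""
    lines = (l.strip() for l in listing.splitlines())
    return {l for l in lines
            if l and ")#" not in l and not l.startswith("firewall-policy ")}

def classify(before, after):
    """Return {old_line: (kind, new_line_or_None, flagged)} for changed lines."""
    old_set, new_set = settings(before), settings(after)
    added = new_set - old_set
    report = {}
    for old in sorted(old_set - new_set):
        # Explicit negation: an added "no <command>" that prefixes the old line.
        neg = [n for n in added
               if n.startswith("no ") and (old + " ").startswith(n[3:] + " ")]
        # Reset: same command words, only the trailing value differs.
        rst = [n for n in added if n.rsplit(" ", 1)[0] == old.rsplit(" ", 1)[0]]
        kind, new = (("negated", neg[0]) if neg else
                     ("reset", rst[0]) if rst else ("removed", None))
        report[old] = (kind, new, old.startswith(WATCH))
    return report

if __name__ == "__main__":
    for old, (kind, new, flagged) in classify(BEFORE, AFTER).items():
        print(f"{'REVIEW' if flagged else 'info  '} {kind:8} {old!r} -> {new!r}")
```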