beautypg.com

Deny (ip) – Allied Telesis AT-S94 CLI (AT-8000S Series) User Manual

Page 28

background image

Page 27

Allied Telesis
AT-8000S-S94-3.0 Command Line Interface User’s Guide

mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply,
skip and photuris. (Range: 0-255)

icmp-code — Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by

ICMP message type can also be filtered by the ICMP message code. (Range: 0-255)

igmp-type — IGMP packets can be filtered by IGMP message type. Enter a number or one of the following

values: dvmrp, host-query, host-report, pim or trace. (Range: 0-255)

destination-port — Specifies the UDP/TCP destination port. (Range: 0-65535)

source-port — Specifies the UDP/TCP source port. (Range: 0-65535)

list-of-flags — Specifies a list of TCP flags that can be triggered. If a flag is set, it is prefixed by “+”. If a flag is

not set, it is prefixed by “-”. Possible values: +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn
and -fin. The flags are concatenated into one string. For example: +fin-ack.

Default Configuration

No IPv4 ACL is defined.

Command Mode

Ip Access-list Configuration mode

User Guidelines

You enter IP-Access List configuration mode by using the ip access-list Global Configuration mode command.

Example

The following example defines a permit statement for an IP ACL.

deny (IP)

The deny IP Access List Configuration mode command sets conditions to not allow a packet to pass a named IP
Access List.

Syntax

deny [disable-port] {any| protocol} {any|{source source-wildcard}} {any|{destination destination-wildcard}} [dscp
number | ip-precedence number]

deny-icmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|icmp-
type
} {any|{icmp-code} [dscp number | ip-precedence number]

deny-igmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|igmp-
type
} [dscp number | ip-precedence number]

deny-tcp [disable-port] {any|{ source source-wildcard}} {any|source-port} {any|{ destination destination-
wildcard
}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of-flags]

deny-udp [disable-port] {any|{ source source-wildcard}} {any| source-port} {any|{destination destination-
wildcard
}} {any|destination-port} [dscp number | ip-precedence number]

console(config)# ip access-list ip-acl1

console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp 56