beautypg.com

Deny (ip) – Allied Telesis AT-S95 CLI User Manual

Page 28

background image

Page 16

Not approved by Document Control. For review only.

Allied Telesis

Command Line Interface User’s Guide

mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply,
skip and photuris. (Range: 0-255)

icmp-code — Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by

ICMP message type can also be filtered by the ICMP message code. (Range: 0-255)

igmp-type — IGMP packets can be filtered by IGMP message type. Enter a number or one of the following

values: dvmrp, host-query, host-report, pim or trace. (Range: 0-255)

destination-port — Specifies the UDP/TCP destination port. (Range: 0-65535)

source-port — Specifies the UDP/TCP source port. (Range: 0-65535)

list-of-flags — Specifies a list of TCP flags that can be triggered. If a flag is set, it is prefixed by “+”. If a flag is

not set, it is prefixed by “-”. Possible values: +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn
and -fin. The flags are concatenated into one string. For example: +fin-ack.

Default Configuration

No IPv4 ACL is defined.

Command Mode

Ip Access-list Configuration mode

User Guidelines

You enter IP-Access List configuration mode by using the ip access-list Global Configuration mode command.

Example

The following example shows how to define a permit statement for an IP ACL.

deny (IP)

The deny IP Access List Configuration mode command sets conditions to not allow a packet to pass a named IP
Access List.

Syntax

deny [disable-port] {any| protocol} {any|{source source-wildcard}} {any|{destination destination-
wildcard}} [dscp number | ip-precedence number]

deny-icmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}}
{any|icmp-type} {any|icmp-code} [dscp number | ip-precedence number]

deny-igmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}}
{any|igmp-type} [dscp number | ip-precedence number]

deny-tcp [disable-port] {any|{ source source-wildcard}} {any|source-port} {any|{ destination
destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of-

Console(config)# ip access-list ip-acl1
Console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp 56

See also other documents in the category Allied Telesis Computer hardware: