Deny ( ip ) – Dell PowerEdge VRTX User Manual

ACL Commands

727

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\CLI Folders\Dell Plasma-ARC

2+3\new_system_mifs_ARC2_latest\ACL.fm

D E LL CO N F I D E N T IA L – P R E L I M I N A RY 4 / 3 / 14 - F O R PR O O F O N LY

• log-input—Specifies sending an informational SYSLOG message about

the packet that matches the entry. Because forwarding/dropping is done in

hardware and logging is done in software, if a large number of packets

match an ACE containing a log-input keyword, the software might not be

able to match the hardware processing rate, and not all packets will be

logged.

Default Configuration

No IPv4 access list is defined.

Command Mode

IP Access-list Configuration mode

User Guidelines

If a range of ports is used for source port in an ACE, it is not counted again, if

it is also used for a source port in another ACE. If a range of ports is used for

the destination port in an ACE, it is not counted again if it is also used for

destination port in another ACE.
If a range of ports is used for source port it is counted again if it is also used

for destination port.

Example

console(config)# ip access-list extended server

console(config-ip-al)#

permit ip 176.212.0.0 00.255.255 any

deny ( IP )

Use the deny IP Access-list Configuration mode command to set deny

conditions for IPv4 access list. Deny conditions are also known as access

control entries (ACEs). Use the no form of the command to remove the

access control entry.

Syntax

deny

protocol {any | source source-wildcard} {any | destination destination-

wildcard} [dscp number | precedence number] [

time-range

time-range-

name] [disable-port |log-input ]