Deny – Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
53-1001945-01
Standard ACL Config Commands
15
deny
Use this command to specify packets to reject.
Syntax
deny (A.B.C.D/M|any|host)
deny any (log|rule-precedence)
deny any log (rule-precedence) <1-5000>
deny any rule-precedence <1-5000>
deny host A.B.C.D (log|rule-precedence)
deny host A.B.C.D log (rule-precedence) <1-5000>
deny host rule-precedence <1-5000>
Parameters
A.B.C.D/M – Source IP address range to match.
any – Any source IP address.
• log – Log matches against this entry.
• rule-precedence <1-5000> – Access-list entry precedence.
host – Single host address.
• A.B.C.D – Exact source IP address to match.
• log – Log matches against this entry.
• rule-precedence <1-5000> – Access-list entry precedence.
Usage Guidelines
Use this command to deny traffic based on the source IP address or network address. The last ACE in the access list is an implicit deny statement.
Whenever the interface receives a packet, its contents are checked against all the ACEs in the ACL. The packet is allowed or denied based on the ACL configuration.
NOTE
The log option is functional only for router ACLs. The log option results in an informational logging message for the packet matching the entry being sent to the console.
Example
The example below denies all traffic entering the interface. A log message is generated in the console whenever the interface receives a packet.
RFS7000(config-std-nacl)#deny any log rule-precedence 50
RFS7000(config-std-nacl)#
The example below denies traffic from the source network (xxx.xxx.1.0/24) and allows all other traffic to flow through the interface.
RFS7000(config-std-nacl)#deny xxx.xxx.1.0/24 rule-precedence 60
RFS7000(config-std-nacl)#permit any
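The source matching and implicit deny described in the Usage Guidelines can be checked offline before an ACL is applied. The Python model below is an added example, not code from this guide or from the controller software. It assumes that entries are checked in ascending rule-precedence order with the first match winning, that every entry carries an explicit rule-precedence, and that permit takes the same arguments as deny; the function names and the sample ACL are hypothetical.

```python
import ipaddress
import re

# Grammar modelled on this page's syntax lines (a simplified model).
ACE_RE = re.compile(
    r"^(?P<action>deny|permit)\s+"
    r"(?:(?P<any>any)|host\s+(?P<host>\S+)|(?P<net>\S+/\d+))"
    r"(?P<log>\s+log)?"
    r"(?:\s+rule-precedence\s+(?P<prec>\d+))?$"
)

def parse_ace(line):
    """Parse one ACE into (precedence, action, network, log)."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised ACE: {line!r}")
    if m["prec"] is None:
        raise ValueError("this model needs an explicit rule-precedence")
    prec = int(m["prec"])
    if not 1 <= prec <= 5000:
        raise ValueError("rule-precedence must be in <1-5000>")
    if m["any"]:
        net = ipaddress.ip_network("0.0.0.0/0")
    elif m["host"]:
        net = ipaddress.ip_network(m["host"] + "/32")
    else:
        net = ipaddress.ip_network(m["net"])  # rejects host bits set in A.B.C.D/M
    return prec, m["action"], net, bool(m["log"])

def evaluate(acl_lines, src):
    """Return (action, matched_precedence, log) for a source address."""
    addr = ipaddress.ip_address(src)
    # ASSUMPTION: lower precedence values are checked first, first match wins.
    aces = sorted(map(parse_ace, acl_lines), key=lambda a: a[0])
    for prec, action, net, log in aces:
        if addr in net:
            return action, prec, log
    return "deny", None, False  # implicit deny: the last ACE of every ACL

# Constructed ACL; all addresses are from the RFC 5737 documentation ranges.
ACL = [
    "deny 192.0.2.0/24 rule-precedence 60",
    "deny host 198.51.100.7 log rule-precedence 70",
    "permit any rule-precedence 80",
]
```

Under the ordering assumed here, adding "deny any log rule-precedence 50" to this list makes every later entry unreachable, which is the first thing to check when a permit entry appears to have no effect.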