18 deny – CANOGA PERKINS CanogaOS Command Reference User Manual

CanogaOS Command Line Reference

Revision 1.02

Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches

Page 673 of 855

None

Examples

This example shows how to delete an IP filter with equence number 10 from an IP ACL.
Switch(config-ip-acl)# no sequence-num 10

Related Commands

<1-2147483646> deny

<1-2147483646> permit

33.18 deny

Use this command to discard ongoing IP packets matching the IP filter.

Command Syntax

[<1-2147483646>] deny {<0-255> | any } { source source-mask | any | host source } {destination
destination-mask | any | host destination} [ ip-precedence precedence | dscp dscp ] [ fragments ]
[ routed-packet ] [ options ] [ time-range time-range-name ] [ stats ]
<1-2147483646>: the sequence number of the filter in IP ACL. An auto-generated sequence number
will be assigned to the filter if this field is not presented
<0-255>: an IP protocol number
any: any IP protocol
source source-mask: the source IP address and its wildcard bits
any: any source host
host source: the source IP address of a host
destination destination-mask: the destination IP address and its wildcard bits
ip-precedence precedence: match packets with given precedence value
dscp dscp: Match packets with given dscp value

fragments

：check non-initial fragments

routed-packet: match routed packet
options: match packets with IP options
time-range: the time-range used by the IP filter
stats: statistic function will be enable if this field is presented

Command Mode

IP ACL configuration

Usage

If IP address wildcard bits is provided, the IP address is logically-anded in bitwise with the reverse
bits of the wildcard bits. For example, 10.10.10.0 0.0.0.255 means the addresses from 10.10.10.0