deny (IP) 45
Example
The following example shows how to define a permit statement for an IP
ACL.
deny (IP) The deny IP-Access List Configuration mode command denies traffic if
the conditions defined in the deny statement match.
Syntax
deny [disable-port] {any | protocol} {any | {source source-wildcard}}
{any | {destination destination-wildcard}} [dscp dscp number |
ip-precedence ip-precedence]
deny-icmp
deny-igmp
deny-tcp
deny-udp
Parameters
■ disable-port — Specifies that the port is disabled.
■ source — Specifies the IP address or host name from which the packet
was sent. Specify any to indicate IP address 0.0.0.0 and mask
255.255.255.255.
■ source-wildcard — (Optional for the first type) Specifies wildcard bits
by placing 1s in bit positions to be ignored. Specify any to indicate IP
address 0.0.0.0 and mask 255.255.255.255.
■ destination — Specifies the IP address or host name to which the
packet is being sent. Specify any to indicate IP address 0.0.0.0 and
mask 255.255.255.255.
■ destination-wildcard — (Optional for the first type) Specifies wildcard
bits by placing 1s in bit positions to be ignored. Specify any to
indicate IP address 0.0.0.0 and mask 255.255.255.255.
■ protocol — Specifies the abbreviated name or number of an IP
protocol. The following table lists protocols that can be specified:
Console(config)#
ip access-list
ip-acl1
Console(config-ip-al)#
permit
rsvp 192.1.1.1 0.0.0.0
any
dscp
56