38
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
deny (ARP)
To create an ARP ACL rule that denies ARP traffic that matches its conditions, use the deny command.
To remove a rule, use the no form of this command.
General Syntax
[sequence-number] deny ip {any | host sender-IP | sender-IP sender-IP-mask} mac any
no sequence-number
no deny ip {any | host sender-IP | sender-IP sender-IP-mask} mac any
Syntax Description
Command Default None
sequence-number (Optional) Sequence number of the deny command, which causes the
device to insert the command in that numbered position in the access list.
Sequence numbers maintain the order of rules within an ACL.
A sequence number can be any integer between 1 and 4294967295.
By default, the first rule in an ACL has a sequence number of 10.
If you do not specify a sequence number, the device adds the rule to the end
of the ACL and assigns a sequence number that is 10 greater than the
sequence number of the preceding rule.
Use the resequence command to reassign sequence numbers to rules.
ip Introduces the IP address portion of the rule.
any (Optional) Specifies that any host matches the part of the rule that contains
the any keyword. You can use the any to specify the sender IP address,
target IP address, sender MAC address, and target MAC address.
host sender-IP (Optional) Specifies that the rule matches ARP packets only when the
sender IP address in the packet matches the value of the sender-IP
argument. Valid values for the sender-IP argument are IPv4 addresses in
dotted-decimal format.
sender-IP
sender-IP-mask
(Optional) IPv4 address and mask for the set of IPv4 addresses that the
sender IP address in the packet can match. The sender-IP and
sender-IP-mask argument must be given in dotted-decimal format.
Specifying 255.255.255.255 as the sender-IP-mask argument is the
equivalent of using the host keyword.
mac Introduces the MAC address portion of the rule.
To Next Page
Loading...
