Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter D Commands
deny icmp (IPv4)
Command Default
A newly created IPv4 ACL contains no rules.
If you do not specify a sequence number, the switch assigns the rule a sequence number that is 10 greater than the last rule in the ACL.
Command Modes
IPv4 ACL configuration
Command History
Usage Guidelines
When the switch applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL. The switch enforces the first rule whose conditions are satisfied by the packet. When the conditions of more than one rule are satisfied, the switch enforces the rule with the lowest sequence number.
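Sequence numbering and first-match evaluation as described above, combined with a match on the IP Precedence bits, modeled as an added example (not Cisco code). The Ipv4Acl class and the sample packets are constructed for illustration, and the model assumes the first rule added to an empty ACL is numbered 10.

```python
import ipaddress

# Keywords accepted by the precedence argument, as listed on this page.
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}

class Ipv4Acl:
    """Simplified model of an IPv4 ACL holding ICMP rules (hypothetical class)."""

    def __init__(self):
        self.rules = {}  # sequence number -> (action, source, destination, precedence)

    def add(self, action, source, destination, precedence=None, seq=None):
        if seq is None:
            # No sequence number given: 10 greater than the last rule.
            # Assumption: the first rule in an empty ACL gets 10.
            seq = max(self.rules, default=0) + 10
        if precedence is not None:
            precedence = int(PRECEDENCE.get(precedence, precedence))
            if not 0 <= precedence <= 7:
                raise ValueError("precedence must be 0-7 or a keyword")
        self.rules[seq] = (action, ipaddress.ip_network(source),
                           ipaddress.ip_network(destination), precedence)
        return seq

    def evaluate(self, src_ip, dst_ip, tos=0):
        """Return (seq, action) of the lowest-numbered matching rule, else None."""
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        pkt_prec = tos >> 5  # IP Precedence is the top 3 bits of the ToS byte
        for seq in sorted(self.rules):
            action, s_net, d_net, prec = self.rules[seq]
            if src in s_net and dst in d_net and prec in (None, pkt_prec):
                return seq, action
        return None

def demo():
    acl = Ipv4Acl()
    seqs = [acl.add("permit", "10.0.0.0/8", "0.0.0.0/0"),            # auto-numbered
            acl.add("deny", "10.1.2.0/24", "0.0.0.0/0", "flash"),    # auto-numbered
            acl.add("deny", "192.0.2.0/24", "0.0.0.0/0", 5, seq=5)]  # explicit
    # Constructed packets: (source, destination, ToS byte)
    packets = [("10.1.2.7", "198.51.100.1", 0x60),   # precedence 3 (flash)
               ("192.0.2.9", "198.51.100.1", 0xA0),  # precedence 5 (critical)
               ("192.0.2.9", "198.51.100.1", 0x00)]  # precedence 0 (routine)
    return seqs, [acl.evaluate(*p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The first packet is permitted by the lower-numbered rule even though a later deny rule also matches it, which is the ordering mistake to check for when reviewing an ACL.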
Source and Destination
You can specify the source and destination arguments in one of several ways. In each rule, the method 
that you use to specify one of these arguments does not affect how you specify the other argument. When 
you configure a rule, use the following methods to specify the source and destination arguments:
Syntax Description (continued)
log
(Optional) Specifies that the device generates an informational logging message about each packet that matches the rule. The message includes the following information:
• Protocol
• Source and destination addresses
• Source and destination port numbers, if applicable
precedence precedence
(Optional) Specifies that the rule matches only packets that have an IP Precedence field with the value specified by the precedence argument. The precedence argument can be a number or a keyword as follows:
• 0–7: Decimal equivalent of the 3 bits of the IP Precedence field. For example, if you specify 3, the rule matches only packets that have the following bits in the DSCP field: 011.
• critical: Precedence 5 (101)
• flash: Precedence 3 (011)
• flash-override: Precedence 4 (100)
• immediate: Precedence 2 (010)
• internet: Precedence 6 (110)
• network: Precedence 7 (111)
• priority: Precedence 1 (001)
• routine: Precedence 0 (000)
Release        Modification
5.2(1)N1(1)    This command was introduced.