
Cisco Nexus 5500 Series - Page 71

Cisco Nexus 5500 Series
378 pages
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter D Commands
deny tcp (IPv4)
fragments
    (Optional) Specifies that the rule matches only those packets that are noninitial fragments. You cannot specify this keyword in the same rule that you specify Layer 4 options, such as a TCP port number, because the information that the switch requires to evaluate those options is contained only in initial fragments.

log
    (Optional) Specifies that the device generates an informational logging message about each packet that matches the rule. The message includes the following information:
    • Protocol
    • Source and destination addresses
    • Source and destination port numbers, if applicable

precedence precedence
    (Optional) Specifies that the rule matches only packets that have an IP Precedence field with the value specified by the precedence argument. The precedence argument can be a number or a keyword as follows:
    • 0–7: Decimal equivalent of the 3 bits of the IP Precedence field. For example, if you specify 3, the rule matches only packets that have the following bits in the DSCP field: 011.
    • critical: Precedence 5 (101)
    • flash: Precedence 3 (011)
    • flash-override: Precedence 4 (100)
    • immediate: Precedence 2 (010)
    • internet: Precedence 6 (110)
    • network: Precedence 7 (111)
    • priority: Precedence 1 (001)
    • routine: Precedence 0 (000)

Command Default
    A newly created IPv4 ACL contains no rules.
    If you do not specify a sequence number, the switch assigns the rule a sequence number that is 10 greater than the last rule in the ACL.

Command Modes
    IPv4 ACL configuration

Command History
    Release        Modification
    5.2(1)N1(1)    This command was introduced.

Usage Guidelines
    When the switch applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL. The switch enforces the first rule whose conditions are satisfied by the packet. When the conditions of more than one rule are satisfied, the switch enforces the rule with the lowest sequence number.
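
The following Python model is an added example, not code from the Cisco manual or from NX-OS. It works through the rules described above: default sequence numbers (10 greater than the last rule), enforcement of the lowest-numbered matching rule, the fragments keyword and the precedence keywords. The class name, packet fields and sample addresses are constructed; the starting number of 10 for an empty ACL, the treatment of port rules against noninitial fragments, and the final implicit deny are assumptions of the model.

```python
import ipaddress

# Keyword values copied from the precedence list on this page.
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}

class Ipv4Acl:
    """Toy model of TCP rules in one IPv4 ACL (hypothetical, not NX-OS code)."""
    def __init__(self):
        self.rules = {}  # sequence number -> rule

    def add(self, action, src="0.0.0.0/0", seq=None, dport=None,
            fragments=False, precedence=None):
        if fragments and dport is not None:
            raise ValueError("fragments cannot be combined with a Layer 4 option")
        if seq is None:
            # 10 greater than the last rule; ASSUMPTION: an empty ACL starts at 10.
            seq = max(self.rules, default=0) + 10
        self.rules[seq] = {"action": action, "src": ipaddress.ip_network(src),
                           "dport": dport, "fragments": fragments,
                           "prec": PRECEDENCE.get(precedence, precedence)}
        return seq

    def evaluate(self, pkt):
        """Return (sequence number, action) of the lowest-numbered match."""
        for seq in sorted(self.rules):
            r = self.rules[seq]
            if ipaddress.ip_address(pkt["src"]) not in r["src"]:
                continue
            if r["fragments"] and pkt["frag_offset"] == 0:
                continue  # keyword matches noninitial fragments only
            # ASSUMPTION: a port rule cannot match a noninitial fragment,
            # because the TCP header is only in the initial fragment.
            if r["dport"] is not None and (pkt["frag_offset"] or pkt["dport"] != r["dport"]):
                continue
            if r["prec"] is not None and pkt["tos"] >> 5 != r["prec"]:
                continue  # IP Precedence is the top 3 bits of the ToS byte
            return seq, r["action"]
        return None, "deny"  # ASSUMPTION: implicit deny when nothing matches

def demo():
    """Constructed rules and packets showing how numbering decides the verdict."""
    acl = Ipv4Acl()
    acl.add("deny", src="10.1.0.0/16", dport=23)   # assigned sequence 10
    acl.add("permit", src="10.0.0.0/8")            # assigned sequence 20
    acl.add("deny", seq=5, fragments=True)         # explicit 5, evaluated first
    acl.add("deny", precedence="flash")            # last rule is 20, so 30
    pkt = {"src": "10.1.2.3", "dport": 23, "frag_offset": 0, "tos": 0x60}
    return acl, [acl.evaluate(pkt), acl.evaluate({**pkt, "frag_offset": 185}),
                 acl.evaluate({**pkt, "src": "192.0.2.7", "dport": 80})]
```

In the model, the Telnet packet from 10.1.2.3 satisfies rules 10, 20 and 30, and rule 10 is enforced because it has the lowest sequence number. The same packet as a noninitial fragment is caught by rule 5.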
