66
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter D Commands
deny icmp (IPv6)
deny icmp (IPv6)
To create an access control list (ACL) rule that denies ICMP IPv6 traffic matching its conditions, use the
deny command. To remove a rule, use the no form of this command.
[sequence-number] deny icmp source destination [icmp-message | dscp dscp |
flow-label flow-label-value | fragments]
no deny icmp source destination [icmp-message | dscp dscp | flow-label flow-label-value |
fragments]
no sequence-number
Syntax Description sequence-number (Optional) Sequence number of the deny command, which causes the device
to insert the command in that numbered position in the access list. Sequence
numbers maintain the order of rules within an ACL.
A sequence number can be any integer between 1 and 4294967295.
By default, the first rule in an ACL has a sequence number of 10.
If you do not specify a sequence number, the device adds the rule to the end
of the ACL and assigns a sequence number that is 10 greater than the
sequence number of the preceding rule.
Use the resequence command to reassign sequence numbers to rules.
source Source IPv6 addresses that the rule matches. For details about the methods
that you can use to specify this argument, see the “Source and Destination”
section in the “Usage Guidelines” section.
destination Destination IPv6 addresses that the rule matches. For details about the
methods that you can use to specify this argument, see the “Source and
Destination” section in the “Usage Guidelines” section.
icmp-message (Optional) ICMPv6 message type that the rule matches. This argument can
be an integer from 0 to 255 or one of the keywords listed in the “ICMPv6
Message Types” section in the “Usage Guidelines” section.
To Next Page
Loading...
