deny (MAC)
To create a MAC access control list (ACL)+ rule that denies traffic matching its conditions, use the deny
command. To remove a rule, use the no form of this command.
[ sequence-number ] deny source destination [ protocol ] [cos cos-value] [vlan VLAN-ID] [time-range
time-range-name]
no deny source destination [ protocol ] [cos cos-value] [vlan VLAN-ID] [time-range time-range-name]
no sequence-number
Syntax Description
(Optional) Sequence number of the deny command,
which causes the device to insert the command in that
numbered position in the access list. Sequence
numbers maintain the order of rules within an ACL.
A sequence number can be any integer between 1 and
4294967295.
By default, the first rule in an ACL has a sequence
number of 10.
If you do not specify a sequence number, the device
adds the rule to the end of the ACL and assigns a
sequence number that is 10 greater than the sequence
number of the preceding rule.
Use the resequence command to reassign sequence
numbers to rules.
sequence-number
Source MAC addresses that the rule matches. For
details about the methods that you can use to specify
this argument, see “Source and Destination” in the
“Usage Guidelines” section.
source
Destination MAC addresses that the rule matches.
For details about the methods that you can use to
specify this argument, see “Source and Destination”
in the “Usage Guidelines” section.
destination
(Optional) Protocol number that the rule matches.
Valid protocol numbers are 0x0 to 0xffff. For listings
of valid protocol names, see “MAC Protocols” in the
“Usage Guidelines” section.
protocol
(Optional) Specifies that the rule matches only packets
with an IEEE 802.1Q header that contains the Class
of Service (CoS) value given in the cos-value
argument. The cos-value argument can be an integer
from 0 to 7.
cos cos-value
Cisco Nexus 7000 Series Security Command Reference
259
D Commands
deny (MAC)
To Next Page
Loading...
