Overview
deny {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence]
Use with the deny command to reject ICMP packets.
• deny – The keyword specifies the deny action on an ACL.
• {icmp} – Specifies ICMP as the protocol.
• {source/source-mask | host source | any} – source is the source IP address of the network or host in dotted decimal format. source-mask is the network mask. For example, 10.1.1.10/24 indicates the first 24 bits of the source IP are used for matching.
  • any is an abbreviation for a source IP of 0.0.0.0 and source-mask bits equal to 0.
  • host is an abbreviation for an exact source (A.B.C.D) and source-mask bits equal to 32.
• {destination/destination-mask | host destination | any} – The destination host IP address or destination network address.
• [icmp-type | icmp-type icmp-code] – ICMP type value from 0 to 255. Valid only for protocol type icmp. ICMP code value from 0 to 255. Valid only for protocol type icmp.
• [log] – Generates log messages when a packet coming from the interface matches an ACL entry. Log messages are generated only for router ACLs.
• [rule-precedence access-list-entry precedence] – Integer value between 1-5000. This value sets the rule precedence in the ACL.
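The following Python sketch is an added example, not part of the original manual or the switch software. It parses a rule written in the syntax above and checks whether a given ICMP packet would match it, which is useful when auditing an exported ACL offline. It assumes that the precedence value directly follows the rule-precedence keyword and that an omitted icmp-type or icmp-code matches every value; the function names and the sample rule are constructed for illustration.

```python
import ipaddress

# Constructed sample rule in the documented syntax (not taken from a real device).
SAMPLE_RULE = "deny icmp 10.1.1.10/24 host 192.168.5.1 8 0 log rule-precedence 20"

def _take_addr(tokens):
    """Consume one {addr/mask | host addr | any} spec and return an IPv4Network."""
    tok = tokens.pop(0)
    if tok == "any":                      # any == 0.0.0.0 with 0 mask bits
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":                     # host == exact address, 32 mask bits
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if "/" not in tok:
        raise ValueError(f"expected addr/mask, 'host addr' or 'any', got {tok!r}")
    # strict=False: 10.1.1.10/24 matches on the first 24 bits only
    return ipaddress.ip_network(tok, strict=False)

def parse_deny_icmp(rule):
    """Parse a 'deny icmp ...' line into its fields, enforcing documented ranges."""
    tokens = rule.split()
    if tokens[:2] != ["deny", "icmp"]:
        raise ValueError("not a deny icmp rule")
    tokens = tokens[2:]
    parsed = {"src": _take_addr(tokens), "dst": _take_addr(tokens),
              "type": None, "code": None, "log": False, "precedence": None}
    for field in ("type", "code"):        # optional icmp-type, then optional icmp-code
        if tokens and tokens[0].isdigit():
            value = int(tokens.pop(0))
            if not 0 <= value <= 255:
                raise ValueError(f"icmp-{field} must be 0-255")
            parsed[field] = value
    if tokens and tokens[0] == "log":
        tokens.pop(0)
        parsed["log"] = True
    if tokens and tokens[0] == "rule-precedence":
        tokens.pop(0)
        value = int(tokens.pop(0))        # assumption: value follows the keyword
        if not 1 <= value <= 5000:
            raise ValueError("rule-precedence must be 1-5000")
        parsed["precedence"] = value
    if tokens:
        raise ValueError(f"unexpected tokens: {tokens}")
    return parsed

def is_denied(rule, src, dst, icmp_type, icmp_code):
    """True if the ICMP packet matches the rule (assumption: omitted type/code match all)."""
    r = parse_deny_icmp(rule)
    return (ipaddress.ip_address(src) in r["src"]
            and ipaddress.ip_address(dst) in r["dst"]
            and r["type"] in (None, icmp_type)
            and r["code"] in (None, icmp_code))
```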