2.2.3. deny

Syntax

[sequence <1-65535>] deny interfaces IF_PORTS service(all|http|https|snmp|ssh|telnet)

[sequence <1-65535>] deny ip A.B.C.D/A.B.C.D interfaces IF_PORTS service (allhttpsssh|telnet)

[sequence <1-65535>] deny ipv6 X:X::X:X/<0-128> interfaces IF_PORTS service (allhttpsssh|telnet)

Parameter


<1-65535> (Optional) Specify sequence index of ACL entry, the sequence index represent the priority of an entry in ACL. If not specified, the switch assigns a number from 1 in ascending order.

interfaces IF_PORTS Specify the interface ID or a list of interface IDs.

ip A.B.C.D/A.B.C.D Specify the source IP address and mask of packet.

ipv6 X:X::X:X/<0-128> Specify the source IPv6 address and prefix length of packet.

(all| Specify the type of services. http|https|snmp|ssh|telnet)


Default

No rules are configured.

Mode

Management Access-List Configuration

Usage

Use the deny command to add deny rules that drop those packets hit the rule.

Example

The following example shows how to add a deny rule to drop all types of services packets that source ip is 1.1.1.1 from interface gi1.

Switch(config)# management access-list test
Switch(config-macl)# sequence 1 deny ip 1.1.1.1/255.255.255.255 interfaces gi1 service all