Dell PowerSwitch S4128F-ON OS10 Enterprise Edition User Guide Release 10.4.0ER - Page 501
deny (IPv6), deny (MAC
View all Dell PowerSwitch S4128F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 501 highlights
Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny udp any any Supported Releases 10.2.0E or later deny (IPv6) Configures a filter to drop packets with a specific IPv6 address. Syntax Parameters deny [protocol-number | icmp | ipv6 | tcp | udp] [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] • protocol-number - (Optional) Enter the protocol number identified in the IP header, from 0 to 255. • icmp - (Optional) Enter the ICMP address to deny. • ipv6 - (Optional) Enter the IPv6 address to deny. • tcp - (Optional) Enter the TCP address to deny. • udp - (Optional) Enter the UDP address to deny. • A::B - Enter the IPv6 address in dotted decimal format. • A::B/x - Enter the number of bits to match to the IPv6 address. • any - (Optional) Enter so that all routes are subject to the filter: - capture - (Optional) Capture packets the filter processes. - count - (Optional) Count packets the filter processes. - byte - (Optional) Count bytes the filter processes. - dscp value - (Optional) Deny a packet based on the DSCP values, from 0 to 63. - fragment - (Optional) Use ACLs to control packet fragments. • host ipv6-address - (Optional) Enter the keyword and the IPv6 address to use a host address only. Default Command Mode Usage Information Example Not configured IPV6-ACL OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# deny ipv6 any any capture session 1 Supported Releases 10.2.0E or later deny (MAC) Configures a filter to drop packets with a specific MAC address. Syntax deny {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} [protocol-number | capture | cos | count | vlan] Parameters • nn:nn:nn:nn:nn:nn - Enter the MAC address of the network from or to which the packets are sent. • 00:00:00:00:00:00 - (Optional) Enter which bits in the MAC address must match. If you do not enter a mask, a mask of 00:00:00:00:00:00 applies. Access Control Lists 501