Command:

deny (standard)


Mode:

Router(config-std-nacl)#


Syntax:

deny {source [source-wildcard] | any} [log]

Syntax Description:
any applies the list to all sources
log (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
source Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
Use a 32-bit quantity in four-part, dotted-decimal format. 
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. 
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0. 
source-wildcard Wildcard bits to be applied to source. Each wildcard bit set to zero indicates that the corresponding bit position in the packet's ip address must exactly match the bit value in the corresponding bit position in the source. Each wildcard bit set to one indicates that both a zero bit and a one bit in the corresponding position of the packet's ip address will be considered a match to this access list entry.

Command Description:

In access-list configuration mode, specify one or more conditions denied. Packets matching this condition will not be allowed to pass through the interface.

Example:

This example adds a entry to an IP standard named access control list that denies all IP traffic from host 1.2.3.4: 

Router(config-std-nacl)#deny 1.2.3.4

 

Misconceptions:
None

Related Commands:
ip access-list standard
permit (standard)

� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)