| |
|
|
deny
Sets the condition for a named IP access list to deny.
Syntax: deny
Description: Use the deny command in access-list configuration mode to prevent outbound route updates from being advertised and inbound route updates from being accepted. This command is also used for packet filtering. See "access-list" and "ip access-list".
Factory Default: None.
Command Mode: Access list configuration.
Example: In the following example:
- The ip access-list command creates a standard access list named ISP1_inbound and changes the command mode to access-list configuration.
- The permit command adds a condition to the access list that permits access from hosts on 2 specified networks.
router(config)#ip access-list standard ISP1_inbound
router(config-std-nacl)#permit 205.5.1.121 0.0.0.255
router(config-std-nacl)#permit 128.20.0.0 0.0.255.255
router(config-std-nacl)#exit
router(config)#
When the access list is applied to outbound routes, only those prefixes specified by the permit command are advertised.
When the access list is applied to inbound routes, only those prefixes specified by the permit command are accepted.
Related Commands: access list
ip access-list
ip as-path access-list
ip community-list
neighbor distribute-list
neighbor filter-list
permit
route-map
show access-lists
show ip access-lists
| |
|
|
Copyright © 2004
Avici Systems Inc.
Avici® and TSR®
is a registered trademark of Avici Systems Inc.
IPriori™, Composite Links™, SSR™, QSR, and NSR® are
trademarks of Avici Systems Inc.
Source
File Name: Routing_Pol.fm
HTML File Name: Routing_Pol5.html
Last Updated: 05/10/04 at 16:38:37