deny icmp
Configure a filter to drop all or specific internet control message protocol (ICMP) messages.
E-Series, Z-Series, S4810
Syntax
deny icmp {
source mask
| any | host
ip-address
} {
destination
mask
| any | host
ip-address
} [dscp] [
message-type
] [count
[byte] | log] [order] [monitor] [fragments]
To remove this filter, you have two choices:
•
Use the
no seq
sequence-number
command if you know the filter’s sequence
number.
•
Use the
no deny icmp {
source mask
| any | host
ip-address
}
{
destination mask
| any | host
ip-address
}
command.
Parameters
source
Enter the IP address of the network or host from which the packets
were sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask,
when specified in A.B.C.D format, may be either contiguous or non-
contiguous.
any
Enter the keyword
any
to specify that all routes are subject to the
filter.
host
ip-address
Enter the keyword
host
and then enter the IP address to specify a
host IP address.
destination
Enter the IP address of the network or host to which the packets are
sent.
dscp
Enter this keyword
dscp
to deny a packet based on the DSCP value.
The range is 0 to 63.
message-type
(OPTIONAL) Enter an ICMP message type, either with the type (and
code, if necessary) numbers or with the name of the message type.
The range is 0 to 255 for ICMP type and 0 to 255 for ICMP code.
count
(OPTIONAL) Enter the keyword
count
to count packets processed
by the filter.
byte
(OPTIONAL) Enter the keyword
byte
to count bytes processed by
the filter.
log
(OPTIONAL, E-Series only) Enter the keyword
log
to have the
information kept in an ACL log file.
order
(OPTIONAL) Enter the keyword
order
to specify the QoS priority for
the ACL entry. The range is 0 to 254 (where 0 is the highest priority
and 254 is the lowest; lower order numbers have a higher priority) If
you did not use the keyword
order
, the ACLs have the lowest order
by default (255).
monitor
(OPTIONAL) Enter the keyword
monitor
when the rule is describing
the traffic that you want to monitor and the ACL in which you are
232
Summary of Contents for Force10 Z9000
Page 1: ...FTOS Command Line Reference Guide for the Z9000 System FTOS 9 1 0 0 ...
Page 96: ...96 ...
Page 194: ...194 ...
Page 312: ...312 ...
Page 540: ...540 ...
Page 546: ...546 ...
Page 560: ...560 ...
Page 566: ...566 ...
Page 590: ...action act UpdateCounter param0 1 0x01 param1 0 0x00 output truncated 590 ...
Page 624: ...624 ...
Page 638: ...638 ...
Page 648: ...648 ...
Page 659: ...Related Commands show gvrp displays the GVRP configuration 659 ...
Page 660: ...660 ...
Page 834: ...834 ...
Page 854: ...854 ...
Page 906: ...906 ...
Page 914: ...914 ...
Page 976: ...976 ...
Page 990: ...990 ...
Page 1006: ...1006 ...
Page 1008: ...1008 ...
Page 1026: ...1026 ...
Page 1145: ...10 211 1 2 Outgoing interface list GigabitEthernet 8 0 1145 ...
Page 1146: ...1146 ...
Page 1156: ...1156 ...
Page 1166: ...1166 ...
Page 1180: ...1180 ...
Page 1258: ...1258 ...
Page 1272: ...1272 ...
Page 1394: ...1394 ...
Page 1400: ...1400 ...
Page 1410: ...1410 ...
Page 1424: ...1424 ...
Page 1444: ...1444 ...
Page 1468: ...Version 8 3 8 0 Introduced on the S4810 1468 ...
Page 1470: ...1470 ...