The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To prevent traffic from a source IP address to a destination IP address, use the deny command. To remove a deny rule, if any, use the no form of this command.
[sequence-number] deny ip source-address destination-address
no sequence-number
sequence-number |
(Optional) Specifies the sequence number. The range is from 1–4294967295. The default is 10.
|
||
source-address |
Specifies the source IP address. |
||
destination-address |
Specifies the destination IP address. |
No rule is created on traffic.
Release |
Modification |
---|---|
Cisco NX-OS 8.2(1) |
This command was introduced. |
Catena must be enabled and configured before using this command. For more information about these tasks, see "Cisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution."
This example shows how to deny traffic from a source IP address to a destination IP address:
switch(config)# catena port-acl pa1 switch(config-port-acl)# 2 deny ip host 0.0.0.0 host 10.0.0.1
Command |
Description |
---|---|
catena |
Creates a Catena instance. |
catena port-acl |
Configures an ACL port. |
permit |
Allows traffic from a source IP address to a destination IP address. |