This chapter describes the Cisco NX-OS TrustSec commands that begin with D.
To configure a deny action in the security group access control list (SGACL), use the deny command. To remove the action, use the no form of this command.
deny { all | icmp | igmp | ip | {{ tcp | udp } [{ dest | dst | src } {{ eq | gt | lt | neq } port-number } | range port-number1 port-number2 }]} [ log ]
no deny { all | icmp | igmp | ip | {{ tcp | udp } [{ dest | dst | src } {{ eq | gt | lt | neq } port-number } | range port-number1 port-number2 }]} [ log ]
igmp: Specifies Internet Group Management Protocol (IGMP) traffic.
log: (Optional) Specifies that packets matching this configuration be logged.
role-based access control list (RBACL)
To use this command, you must first enable the 802.1X feature by using the feature dot1x command and then enable the Cisco TrustSec feature using the feature cts command.
To enable RBACL logging, you must enable RBACL policy enforcement on the VLAN. You must also enable Cisco TrustSec counters using the cts role-based counters enable command.
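A check for the prerequisites listed above, as an added example that is not Cisco's code: it scans a saved running-config for SGACL deny entries ending in log and reports which prerequisites are absent. The sample configuration is constructed, and the form of the `cts role-based access-list` and VLAN-level `cts role-based enforcement` lines in the saved config is an assumption.

```python
import re

# Constructed sample running-config (not from a real device). The SGACL
# header and VLAN enforcement lines are assumed to appear in this form.
SAMPLE_CONFIG = """\
feature dot1x
feature cts
cts role-based access-list BLOCK-ICMP
  deny icmp log
  deny tcp dst eq 23
vlan 10
  cts role-based enforcement
vlan 20
"""

DENY_LOG = re.compile(r"^deny\s+.*\blog$")

def audit_sgacl_logging(config: str) -> dict:
    """Report SGACL deny entries that request logging and any missing prerequisites."""
    features, globals_, enforced_vlans, logged = set(), set(), [], []
    section = None  # ("sgacl", name) or ("vlan", id) while inside an indented block
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # a top-level line starts a new section
            section = None
            if m := re.match(r"feature\s+(\S+)$", line):
                features.add(m.group(1))
            elif m := re.match(r"cts role-based access-list\s+(\S+)$", line):
                section = ("sgacl", m.group(1))
            elif m := re.match(r"vlan\s+(\d+)$", line):
                section = ("vlan", m.group(1))
            else:
                globals_.add(line)
        elif section and section[0] == "sgacl" and DENY_LOG.match(line):
            logged.append((section[1], line))
        elif section and section[0] == "vlan" and line == "cts role-based enforcement":
            enforced_vlans.append(section[1])
    missing = []
    if logged:  # prerequisites only matter when some entry asks for logging
        missing += [f"feature {f}" for f in ("dot1x", "cts") if f not in features]
        if "cts role-based counters enable" not in globals_:
            missing.append("cts role-based counters enable")
        if not enforced_vlans:
            missing.append("RBACL policy enforcement on a VLAN")
    return {"logged_entries": logged, "enforced_vlans": enforced_vlans, "missing": missing}

if __name__ == "__main__":
    print(audit_sgacl_logging(SAMPLE_CONFIG))
```

On the constructed sample, the result flags the missing `cts role-based counters enable` line, so the `deny icmp log` entry would not produce log output until counters are enabled.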
This example shows how to add a deny action to an SGACL and enable RBACL logging:
This example shows how to remove a deny action from an SGACL: