ingress and egress interfaces are examined and, appropriate ACLs can be applied inboth the ingress and egress direction. Flow-based monitoring conservesbandwidth by monitoring only specified traffic instead all traffic on the interface.This feature is particularly useful when looking for malicious traffic. It is available forLayer 2 and Layer 3 ingress and egress traffic. You may specify traffic usingstandard or extended access-lists. This mechanism copies all incoming or outgoingpackets on one port and forwards (mirrors) them to another port. The source portis the monitored port (MD) and the destination port is the monitoring port (MG).deny udp (for IPv6 ACLs)Configure a filter to drop user datagram protocol (UDP) packets meeting the filter criteria.Syntax deny udp {source address mask | any | host ipv6-address}[operator port [port]] {destination address | any | host ipv6-address} [operator port [port]] [count [byte]] [log [intervalminutes] [threshold-in-msgs [count]] [monitor]To remove this filter, you have two choices:• Use the no seq sequence-number command syntax if you know the filter’ssequence number• Use the no deny udp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address}commandParameters log (OPTIONAL) Enter the keyword log to enable the triggeringof ACL log messages.threshold-inmsgs count(OPTIONAL) Enter the threshold-in-msgs keywordfollowed by a value to indicate the maximum number of ACLlogs that can be generated, exceeding which the generationof ACL logs is terminated. with the seq, permit, or denycommands. The threshold range is from 1 to 100.intervalminutes(OPTIONAL) Enter the keyword interval followed by thetime period in minutes at which ACL logs must be generated.The threshold range is from 1 to 10 minutes.monitor (OPTIONAL) Enter the keyword monitor when the rule isdescribing the traffic that you want to monitor and the ACLin which you are creating the rule is applied to the monitoredinterface.Defaults By default, 10 ACL logs are generated if you do not specify the threshold explicitly.The default frequency at which ACL logs are generated is five minutes. By default,flow-based monitoring is not enabled.CommandModesACCESS-LISTAccess Control Lists (ACL) 339