ACL Commands
129 OL-32830-01 Command Line Interface Reference Guide
4
4.9 deny (MAC)
Use the deny command in MAC Access-list Configuration mode to set deny
conditions (ACEs) for a MAC ACL. Use the no form of the command to remove the
access control entry.
Syntax
deny
{any | source source-wildcard} {any | destination destination-wildcard}
[
ace-priority
priority][{eth-type 0}| aarp | amber | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [
time-range
time-range-name] [disable-port |log-input ]
no deny
{any | source source-wildcard} {any | destination destination-wildcard}
[{eth-type 0}| aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm |
etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [
time-range
time-range-name]
[disable-port |log-input ]
Parameters
•
source
—Source MAC address of the packet.
•
source-wildcard
—Wildcard bits to be applied to the source MAC address.
Use ones in the bit position that you want to be ignored.
•
destination
—Destination MAC address of the packet.
•
destination-wildcard
—Wildcard bits to be applied to the destination MAC
address. Use 1s in the bit position that you want to be ignored.
•
priority
- Specify the priority of the access control entry (ACE) in the access
control list (ACL). "1" value represents the highest priority and "2147483647"
number represents the lowest priority.(Range: 1-2147483647)
•
eth-type
—The Ethernet type in hexadecimal format of the packet.
•
vlan-id
—The VLAN ID of the packet. (Range: 1–4094).
•
cos
—The Class of Service of the packet.(Range: 0–7).
•
cos-wildcard
—Wildcard bits to be applied to the CoS.
• time-range-name—Name of the time range that applies to this permit
statement. (Range: 1–32)
• disable-port—The Ethernet interface is disabled if the condition is matched.
• log-input—Specifies sending an informational syslog message about the
packet that matches the entry. Because forwarding/dropping is done in
To Next Page
Loading...
Need help?
General
