EasyManua.ls Logo

Cisco Nexus 7000 Series - Page 286

Cisco Nexus 7000 Series
1018 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
(Optional) Specifies that the rule matches only packets
with an IEEE 802.1Q header that contains the VLAN
ID given. The VLAN-ID argument can be an integer
from 1 to 4094.
vlan VLAN-ID
(Optional) Specifies the time range that applies to this
rule. You can configure a time range by using the
time-range command.
time-range time-range-name
Command Default
A newly created MAC ACL contains no rules.
If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater than
the last rule in the ACL.
Command Modes
MAC ACL configuration
Command History
ModificationRelease
This command was introduced.4.0(1)
Usage Guidelines
When the device applies a MAC ACL to a packet, it evaluates the packet with every rule in the ACL. The
device enforces the first rule that has conditions that are satisfied by the packet. When the conditions of more
than one rule are satisfied, the device enforces the rule with the lowest sequence number.
This command does not require a license.
Source and Destination
You can specify the source and destination arguments in one of two ways. In each rule, the method that you
use to specify one of these arguments does not affect how you specify the other argument. When you configure
a rule, use the following methods to specify the source and destination arguments:
Address and maskYou can use a MAC address followed by a mask to specify a single address or a
group of addresses. The syntax is as follows:
MAC-address MAC-mask
The following example specifies the source argument with the MAC address 00c0.4f03.0a72:
switch(config-acl)# deny 00c0.4f03.0a72 0000.0000.0000 any
The following example specifies the destination argument with a MAC address for all hosts with a MAC
vendor code of 00603e:
switch(config-acl)# deny any 0060.3e00.0000 0000.0000.0000
Any addressYou can use the any keyword to specify that a source or destination is any MAC address.
For examples of the use of the any keyword, see the examples in this section. Each of the examples
shows how to specify a source or destination by using the any keyword.
Cisco Nexus 7000 Series Security Command Reference
260
D Commands
deny (MAC)

Table of Contents

Other manuals for Cisco Nexus 7000 Series

Preview: Quick Start Guide
Quick Start Guide10 pages
Preview: Reference Guide
Reference Guide746 pages
Preview: Configuration Guide
Configuration Guide536 pages
Preview: Hardware Installation And Reference Guide
Hardware Installation And Reference Guide402 pages
Preview: Troubleshooting
Troubleshooting10 pages
Preview: Configuring
Configuring8 pages

Related product manuals