ACL Commands 163
Syntax
{deny | permit} {
srcmac
srcmacmask
| any} {
dstmac dstmacmask
| any | bpdu }
[{
ethertypekey
|
0x0600-0xFFFF
}] [ vlan eq
0-4095
] [cos
0-7
] [secondary-vlan eq
0-4095
]
[secondary-cos
0-7
] [log] [ assign-queue
queue-id
] [{mirror |redirect}
interface
]
•
srcmac
— Valid source MAC address in format xxxx.xxxx.xxxx.
•
srcmacmask
— Valid MAC address bitmask for the source MAC address in format
xxxx.xxxx.xxxx.
•
any
— Packets sent to or received from any MAC address
•
dstmac
— Valid destination MAC address in format xxxx.xxxx.xxxx.
•
destmacmask
— Valid MAC address bitmask for the destination MAC address in format
xxxx.xxxx.xxxx.
•
bpdu
— Bridge protocol data unit
•
ethertypekey
— Either a keyword or valid four-digit hexadecimal number. (Range: Supported
values are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, Netbios, novell,
pppoe, rarp.)
•
0x0600-0xFFFF
— Specify custom ethertype value (hexadecimal range 0x0600-0xFFFF)
•
vlan eq
— VLAN number. (Range 0-4095)
•
cos
— Class of service. (Range 0-7)
• log — Specifies that this rule is to be logged.
•
assign-queue
— Specifies particular hardware queue for handling traffic that matches the
rule.
•
queue-id
— 0-6, where n is number of user configurable queues available for that hardware
platform.
• mirror — Copies the traffic matching this rule to the specified interface.
•
redirect
— Forwards traffic matching this rule to the specified physical interface.
•
interface
— Valid physical interface in
unit/<port-type>port
format, for example 1/g12.
Default Configuration
This command has no default configuration.
Command Mode
Mac-Access-List Configuration mode
User Guidelines
The no form of this command is not supported, as the rules within an ACL cannot be deleted
individually. Rather the entire ACL must be deleted and respecified.
To Next Page
Loading...
