Planet WGSW-28040 Command Manual page 53

[sequence <1-2147483647>] deny (A:B:C:D:E:F/A:B:C:D:E:F|any)
(A:B:C:D:E:F/A:B:C:D:E:F|any) [vlan <1-4094>] [cos <0-7> <0-7>] [ethtype
<1501-65535>] [shutdown]
no sequence <1-2147483647>
Parameter:
<1-2147483647>
(A:B:C:D:E:F/A:B:C
:D:E:F|any)
(A:B:C:D:E:F/A:B:C
:D:E:F|any)
[vlan <1-4094>]
[cos <0-7> <0-7>]
[ethtype
<1501-65535>]
[shutdown]
Mode:
MAC ACL Configuration
Usage Guide:
Use the deny command to add deny conditions for a mac ACE that drop those packets hit the ACE. The "sequence"
also represents hit priority when ACL bind to an interface. An ACE not specifies "sequence" index would assign a
sequence index which is the largest existed index plus 20. If packet content can match more than one ACE, the
lowest sequence ACE is hit. An ACE can not be added if has the same conditions as existed ACE. Use "shutdown"
to shutdown interface while ACE hit.
Example:
The example shows how to add an ACE that denies packets with destination MAC address aa:bb:cc:xx:xx:xx and
VLAN 9. You can verify settings by the following show acl command
Switch(config)# mac acl test
Switch(mac-al)# sequence 30 permit any any
Switch(mac-al)# deny any aa:bb:cc:00:0:00/FF:FF:FF:00:00:00 vlan 9 shutdown
Switch(mac-al)# show acl
MAC access list test
sequence 30 permit any any
(Optional) Specify sequence index of ACE, the sequence index represent the priority of
an ACE in ACL.
Specify the source MAC address and mask of packet or any MAC address.
Specify the destination MAC address and mask of packet or any MAC address.
(Optional) Specify the vlan ID of packet.
(Optional) Specify the Class of Service value and mask of packet.
(Optional) Specify Ethernet protocol number of packet
(Optional) Shutdown interface while ACE hit
Command Guide of WGSW-28040
53