Deny (Mac) - Dell PowerConnect 3524 Cli Reference Manual

Example
The following example shows how to create a MAC ACL with permit rules.
Console(config)# mac access-list macl-acl1
Console(config-mac-al)# permit 06:a6 00:00:00:00:00:00 any vlan 6

deny (MAC)

The deny MAC-Access List Configuration mode command denies traffic if the conditions defined in the
deny statement match.
Syntax
deny [disable-port] {any|{source source- wildcard} {any|{ destination destination- wildcard}} [vlan
•
vlan-id] [cos cos cos-wildcard] [ethtype eth-type]
• disable-port — Indicates that the port is disabled if the condition is matched.
• source — Specifies the MAC address of the host from which the packet was sent.
• source-wildcard — Specifies wildcard bits to the source MAC address by placing 1s in bit positions
to be ignored.
• any — Specify a MAC address and mask. For example, to set 00:00:00:00:10:XX use the Mac
address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF.
• destination — Specifies the MAC address of the host to which the packet is being sent.
• destination-wildcard — Specifies wildcard bits to the destination MAC address by placing 1s in bit
positions to be ignored.
• vlan-id — Specifies the vlan id of the packet. (Range: 1 - 4094)
• cos — Specifies the packets's Class of Service (CoS). (Range: 0 - 7)
• cos-wildcard — Specifies wildcard bits to be applied to the CoS.
• eth-type — Specifies the packet's Ethernet type in hexadecimal format. (0 - 05dd-ffff {hex})
Default Configuration
No MAC access list is defined.
Command Mode
MAC-Access List Configuration mode.
User Guidelines
• MAC BPDU packets cannot be denied.
• Each MAC address in the ACL is a ACE (Access Control Element) and can only be removed by deleting
the ACL using the no ip access-list Global Configuration mode command or the Web-based interface.
97
ACL Commands