Cisco AP775A - Nexus Converged Network Switch 5010 Command Reference Manual page 383

Cisco Nexus 5000 Series Command Reference, Release 4.1(3)N1(1) (OL-16599-01, August 2009)

Chapter 6
Security Commands
Send comments to nx5000-docfeedback@cisco.com
Command History
Release          Modification
4.0(0)N1(1a)     This command was introduced.

Usage Guidelines
When the switch applies a MAC ACL to a packet, it evaluates the packet with every rule in the ACL. The switch enforces the first rule whose conditions are satisfied by the packet. When the conditions of more than one rule are satisfied, the switch enforces the rule with the lowest sequence number.

Source and Destination
You can specify the source and destination arguments in one of two ways. In each rule, the method that you use to specify one of these arguments does not affect how you specify the other argument. When you configure a rule, use the following methods to specify the source and destination arguments:

• Address and mask—You can use a MAC address followed by a mask to specify a single address or a group of addresses. The syntax is as follows:
    MAC-address MAC-mask
  The following example specifies the source argument with the MAC address 00c0.4f03.0a72:
    switch(config-acl)# deny 00c0.4f03.0a72 0000.0000.0000 any
  The following example specifies the destination argument with a MAC address for all hosts with a MAC vendor code of 00603e:
    switch(config-acl)# deny any 0060.3e00.0000 0000.00ff.ffff
• Any address—You can use the any keyword to specify that a source or destination is any MAC address. For examples of the use of the any keyword, see the examples in this section. Each of the examples shows how to specify a source or destination by using the any keyword.

MAC Protocols
The protocol argument can be the MAC protocol number or a keyword. Protocol numbers are a four-byte hexadecimal number prefixed with 0x. Valid protocol numbers are from 0x0 to 0xffff. Valid keywords are the following:

• aarp—AppleTalk ARP (0x80f3)
• appletalk—AppleTalk (0x809b)
• decnet-iv—DECnet Phase IV (0x6003)
• diagnostic—DEC Diagnostic Protocol (0x6005)
• etype-6000—EtherType 0x6000 (0x6000)
• etype-8042—EtherType 0x8042 (0x8042)
• ip—Internet Protocol v4 (0x0800)
• lat—DEC LAT (0x6004)
• lavc-sca—DEC LAVC, SCA (0x6007)
• mop-console—DEC MOP Remote console (0x6002)
• mop-dump—DEC MOP dump (0x6001)
• vines-echo—VINES Echo (0x0baf)
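
The rule evaluation, address and mask matching, and protocol keywords described above, modelled in Python as an added example for checking an ACL offline before it is applied (this is not Cisco code or switch output). The numbered rule-line format and the sample ACL are constructed for the example, and the mask is assumed to be a wildcard mask whose 1 bits are ignored, consistent with the all-zero mask used for a single address.

```python
PROTOCOLS = {  # keywords and EtherType values from the list above
    "aarp": 0x80F3, "appletalk": 0x809B, "decnet-iv": 0x6003,
    "diagnostic": 0x6005, "etype-6000": 0x6000, "etype-8042": 0x8042,
    "ip": 0x0800, "lat": 0x6004, "lavc-sca": 0x6007,
    "mop-console": 0x6002, "mop-dump": 0x6001, "vines-echo": 0x0BAF}
ALL_BITS = (1 << 48) - 1

def mac_to_int(mac):
    """Convert dotted-hex notation (00c0.4f03.0a72) to a 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def parse_rule(line):
    """Parse 'seq action source destination [protocol]' (constructed format)."""
    tok = line.split()
    pos, addrs = 2, []
    for _ in range(2):  # source first, then destination
        if tok[pos] == "any":
            addrs.append((0, ALL_BITS))  # every bit ignored
            pos += 1
        else:
            addrs.append((mac_to_int(tok[pos]), mac_to_int(tok[pos + 1])))
            pos += 2
    proto = None  # no protocol given: the rule matches any EtherType
    if pos < len(tok):  # keyword, or number prefixed with 0x
        proto = PROTOCOLS[tok[pos]] if tok[pos] in PROTOCOLS else int(tok[pos], 16)
        if not 0x0 <= proto <= 0xFFFF:
            raise ValueError(f"protocol out of range: {tok[pos]}")
    return int(tok[0]), tok[1], addrs[0], addrs[1], proto

def addr_matches(mac, spec):
    addr, mask = spec
    # Assumption: wildcard mask, so bits set to 1 in the mask are ignored.
    return (mac_to_int(mac) ^ addr) & ~mask & ALL_BITS == 0

def evaluate(acl_lines, src, dst, ethertype):
    """Return (seq, action) of the lowest-numbered matching rule, or None."""
    for seq, action, s, d, proto in sorted(map(parse_rule, acl_lines), key=lambda r: r[0]):
        if (addr_matches(src, s) and addr_matches(dst, d)
                and proto in (None, ethertype)):
            return seq, action
    return None  # no configured rule matched

ACL = ["30 permit any any ip",  # constructed, deliberately out of order
       "10 deny 00c0.4f03.0a72 0000.0000.0000 any",
       "20 deny any 0060.3e00.0000 0000.00ff.ffff 0x809b"]
```

A frame from 00c0.4f03.0a72 carrying IPv4 satisfies both rule 10 and rule 30; evaluate returns rule 10 because it has the lower sequence number.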
deny (MAC)