Table of Contents
Advertisement
ACL Commands
78-20269-01 Command Line Interface Reference Guide
Syntax
{any | source source-wildcard} {any | destination destination-wildcard}
deny
[{eth-type 0}| aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm |
etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [disable-port | log-input]
Parameters
•
source—Source MAC address of the packet.
•
source-wildcard—Wildcard bits to be applied to the source MAC address.
Use ones in the bit position that you want to be ignored.
•
destination—Destination MAC address of the packet.
•
destination-wildcard—Wildcard bits to be applied to the destination MAC
address. Use 1s in the bit position that you want to be ignored.
•
eth-type—The Ethernet type in hexadecimal format of the packet.
•
vlan-id—The VLAN ID of the packet. (Range: 1–4094)
•
cos—The Class of Service of the packet.(Range: 0–7)
•
cos-wildcard—Wildcard bits to be applied to the CoS.
•
disable-port—The Ethernet interface is disabled if the condition is matched.
•
log-input—Sends an informational syslog message about the packet that
matches the entry. Because forwarding is done in hardware and logging is
done in software, if a large number of packets match a deny ACE containing
a log-input keyword, the software might not be able to match the hardware
processing rate, and not all packets will be logged.
Default Configuration
No MAC access list is defined.
Command Mode
MAC Access-list Configuration mode
User Guidelines
After an access control entry (ACE) is added to an access control list, an implicit
deny any any condition exists at the end of the list. That is, if there are no matches,
the packets are denied. However, before the first ACE is added, the list permits all
packets.
40
547
Advertisement
Table of Contents
