Advertisement
seq ether-type
e
Syntax
Parameters
246
|
Access Control Lists (ACL)
•
If the sequence-number is configured, then the sequence-number is used as a tie breaker for
rules with the same order.
Note:
When ACL logging and byte counters are configured simultaneously, byte counters
may display an incorrect value. Configure packet counters with logging instead.
You cannot include IP, TCP or UDP (Layer 3) filters in an ACL configured with ARP or Ether-type
(Layer 2) filters. Apply Layer 2 ACLs to interfaces in Layer 2 mode.
Configure an egress filter with a specific sequence number that filters traffic with specified types of
Ethernet packets. This command is supported only on 12-port GE line cards with SFP optics; refer to
your line card documentation for specifications.
seq sequence-number {deny | permit} ether-type protocol-type-number
{destination-mac-address mac-address-mask | any} vlan vlan-id {source-mac-address
mac-address-mask | any} [count [byte] | log] [order] [monitor]
sequence-number
deny
permit
protocol-type-number
destination-mac-address
mac-address-mask
any
vlan vlan-id
source-mac-address
mac-address-mask
count
byte
log
Enter a number from 0 to 4294967290.
deny
Enter the keyword
to drop all traffic meeting the filter criteria.
permit
Enter the keyword
to forward all traffic meeting the filter criteria.
Enter a number from 600 to FFFF as the specific Ethernet type traffic to drop.
Enter a MAC address and mask in the nn:nn:nn:nn:nn format.
For the MAC address mask, specify which bits in the MAC address must
match.
The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff
allows entries that do not match and a mask of 00:00:00:00:00:00 only allows
entries that match exactly.
any
Enter the keyword
to match and drop specific Ethernet traffic on the
interface.
vlan
Enter the keyword
followed by the VLAN ID to filter traffic associated
with a specific VLAN.
Range: 1 to 4094, 1 to 2094 for ExaScale (can used IDs 1 to 4094)
To filter all VLAN traffic specify VLAN 1.
Enter a MAC address and mask in the nn:nn:nn:nn:nn format.
For the MAC address mask, specify which bits in the MAC address must
match.
The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff
allows entries that do not match and a mask of 00:00:00:00:00:00 only allows
entries that match exactly.
(OPTIONAL) Enter the keyword
filter.
(OPTIONAL) Enter the keyword
(OPTIONAL, E-Series only) Enter the keyword
kept in an ACL log file.
count
to count packets processed by the
byte
to count bytes processed by the filter.
log
to have the information
Advertisement
