Permit | Deny (Mac Access-List) - D-Link DGS-6600-48T Cli Reference Manual

DGS-6604 m

permit | deny (mac access-list)

{ permit | deny } { any | host SRC-MAC-ADDR | SRC-MAC-ADDR MASK } { any | host DST-MAC-
ADDR | DST-MAC-ADDR MASK } [ ethernet-type TYPE | llc dsap DSAP ssap SSAP cntl CNTL ]
[ dot1p PRIORITY-TAG ] [ VLAN VLAN-ID ] [ time-range PROFILE-NAME ] [ priority PRIORITY ]
no { permit | deny } { any | host SRC-MAC-ADDR | SRC-MAC-ADDR MASK } { any | host DST-
MAC-ADDR | DST-MAC-ADDR MASK } [ ethernet-typeTYPE | llc dsap DSAP ssap SSAP cntl
CNTL ] [ dot1p PRIORITY-TAG ] [ VLAN VLAN-ID ] [ time-range ]
Syntax Description
any
host SRC-MAC-ADDR Specifies a specific source MAC address.
SRC-MAC-ADDR
MASK
host DST-MAC-ADDR Specifies a specific destination MAC address.
DST-MAC-ADDR
MASK
ethernet-typeTYPE
llc dsap DSAP ssap
SSAP cntl CNTL
dot1p PRIORITY-TAG (Optional) Priority tag in value of 0~7.
VLAN VLAN-ID
time-range PROFILE-
NAME
priority PRIORITY
Default
CLI Reference Guide
Use the permit command to define the rule for packets to be based on their MAC
address. Use the deny command to define the rule for packets that are to be
denied. Use the no permit command to remove a permit entry, and use the no
deny command to remove a deny entry.
Specifies any source MAC address or any destination MAC address.
Specifies a group of source MAC addresses using a mask.
Specifies a group of destination MAC addresses by using mask.
(Optional) Specifies that the protocol type for the Ethernet_II packet or a SNAP
packet by specifying the Ethernet type value which is a number from 0 to 65535.
(Optional) Specifies the protocol type for the LLC packet by specifying the DSAP,
SSAP and CONTROL number which is a number from 0 to 255.
(Optional) Specifies the VLAN ID which a number from 1 to 4094.
(Optional) Specifies the name of a time-period profile for activation of the
access-list.
With the no form of this command, this option, time-range (without PROFILE-
NAME), removes the setting of an active timer-period, rather than removing the
whole entry.
(Optional) Access entry priority range is 1 to 65535 where the lower value
represents higher priority for the sequence number. If no priority is specified, the
system automatically assigns it with a priority that is 10 greater than the largest
sequence in that access list and places it at the end of the list.
If the priority is not specified, the system assigns it with a priority value 10 or
greater than the largest sequence in that access list and it is placed at the end of
the list.
If the priority is manually assigned, it is better to have a reserved interval for a
future higher priority entry. Otherwise the system attempts to insert an entry with
a higher priority.
permit | deny (mac access-list)
463