then the ACL rule is applied when the time-range with a specified name
becomes active. The ACL rule is removed when the time-range with a
specified name becomes inactive.
Syntax
{deny | permit} {{any |
ethertypekey
dstmacmask}} [
[[log] [time-range
interface-id
redirect}
•
srcmac —Valid source MAC address in format xxxx.xxxx.xxxx.
•
srcmacmask —Valid MAC address bitmask for the source MAC address in
format xxxx.xxxx.xxxx.
•
—Packets sent to or received from any MAC address.
any
•
dstmac —Valid destination MAC address in format xxxx.xxxx.xxxx.
•
destmacmask —Valid MAC address bitmask for the destination MAC
address in format xxxx.xxxx.xxxx.
•
—Bridge protocol data unit
bpdu
•
ethertypekey —Either a keyword or valid four-digit hexadecimal number.
(Range: Supported values are appletalk, arp, ibmsna, ipv4, ipv6, ipx,
mplsmcast, mplsucast, Netbios, novell, pppoe, rarp.)
•
0x0600-0xFFFF —Specify custom ethertype value (hexadecimal range
0x0600-0xFFFF).
•
—VLAN number. (Range 0-4095)
vlan eq
•
—
cos
Class of service. (Range 0-7)
•
—
log
Specifies that this rule is to be logged.
time-range-name —Use the time-range parameter to impose a time
•
limitation on the MAC ACL rule as defined by the parameter.
assign-queue—
•
matches the rule.
•
queue-id —
0-6, where n is number of user configurable queues available for that
hardware platform.
•
—
mirror
Copies the traffic matching this rule to the specified interface.
•
—
redirect
Forwards traffic matching this rule to the specified physical interface.
srcmac srcmacmask
0x0600-0xFFFF
|
time-range-name
]
Specifies particular hardware queue for handling traffic that
} {any | bpdu |
] vlan {eq
queue-id
] [assign-queue
dstmac
0-4095
}] [cos
] [{mirror |
ACL Commands
0-7
]
267