Dell Force10 S25N-S50N FTOS Command Line Reference Guide FTOS 8.4.2.7 E-Series - Page 258
Extended MAC ACL Commands
View all Dell Force10 S25N-S50N manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 258 highlights
www.dell.com | support.dell.com Extended MAC ACL Commands When an access-list is created without any rule and then applied to an interface, ACL behavior reflects implicit permit. c and s platforms support Ingress MAC ACLs only. The following commands configure Extended MAC ACLs. • deny • mac access-list extended • permit • seq Note: See also Commands Common to all ACL Types and Common MAC Access List Commands. deny c e s Configure a filter to drop packets that match the filter criteria. Syntax deny {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} [ethertype-operator] [count [byte]] [log] [monitor] To remove this filter, you have two choices: • Use the no seq sequence-number command syntax if you know the filter's sequence number or • Use the no deny {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} command. Parameters any host mac-address mac-source-address mac-source-address-mask mac-destination-address mac-destination-address-mask Enter the keyword any to drop all packets. Enter the keyword host followed by a MAC address to drop packets with that host address. Enter the source MAC address in nn:nn:nn:nn:nn:nn format. Specify which bits in the MAC address must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. Enter the destination MAC address and mask in nn:nn:nn:nn:nn:nn format. Specify which bits in the MAC address must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. 258 | Access Control Lists (ACL)