Dell PowerConnect 6024 Command Line Interface (CLI) Guide (.htm) - Page 82

www.dell.com | support.dell.com User Guidelines When an access control entry (ACE) is added to an access control list, an implied deny-anyany condition exists at the end of the list. If there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets. If vlan id is used as a classifier element then it cannot connect a policy map to a VLAN interface. Example The following example configures a MAC ACE to allow traffic from MAC address 66:66:66:66:66:66 with any destination on VLAN 4. Console (config-mac-al)# permit 66:66:66:66:66:66 00:00:00:00:00:00 any vlan 4 deny (MAC) The deny mac-acl configuration mode command denies traffic if the conditions defined in the permit statement are matched. Syntax deny [disable-port] {any | {source source- wildcard} any | {destination destinationwildcard}}[vlan vlan-id] • disable-port-If the statement is deny, then the port is disabled. • Source MAC address can be one of the following: - any-Packets received from any MAC address. - source source-wildcard-MAC address and wildcard for host from which the packet is sent. Specify the MAC address and wildcard using hexadecimal format (HH:HH:HH:HH:HH:HH). • Destination MAC address can be one of the following: - any-Packets sent to any MAC address. - destination destination-wildcard-MAC address and wildcard for host to which the packet is sent. Specify the MAC address and wildcard using hexadecimal format (HH:HH:HH:HH:HH:HH). • vlan vlan-id-The packet VLAN. Default Configuration This command has no default configuration. Command Mode Mac-ACL Configuration mode 82 ACL Commands