Dell PowerConnect 6024 Command Line Interface (CLI) Guide (.htm) - Page 83

User Guidelines When an access control entry (ACE) is added to an access control list, an implied deny-anyany condition exists at the end of the list. If there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets. If vlan id is used as a classifier element then it cannot connect a policy map to a VLAN interface. Example The following example configures a MAC ACE to deny traffic from MAC address 6:6:6:6:6:6. Console (config)# mac access-list dell Console (config-mac-al)# deny 06:06:06:06:06:06 00:00:FF:FF:FF:FF any service-acl The service-acl interface configuration command applies an access-list to the interface input. To detach an access-list from an interface use the no form of this command. Syntax service-acl {input acl-name} no service-acl {input} • input acl-name-Apply the specified ACL to the input interface. Default Configuration This command has no default configuration. Command Mode Interface Configuration mode User Guidelines Whenever an ACL is assigned to an interface (port, LAG or VLAN), flows (from that ingress interface) that do not match the ACL are matched to the default rule: "drop unmatched packets". If an ACL X is bound to a port and the port becomes a member of the VLAN to which a different ACL Y is bound, then the ACL Y bound to the VLAN overrides the ACL X bound to the port. Example The following example attaches the ACL "dell" to the interface input. Console (config-if)# service-acl input dell ACL Commands 83