beautypg.com

3 mac access-list – Fortinet MR1 User Manual

Page 285

background image

285

Syntax

mac access-list extended rename

- Old name which uniquely identifies the MAC access list.

- New name which uniquely identifies the MAC access list.

Default Setting

None

Command Mode

Global Config

5.13.2.3 mac access-list

This command creates a new rule for the current MAC access list. Each rule is appended to
the list of configured rules for the list. Note that an implicit 'deny all' MAC rule always
terminates the access list. Note: The 'no' form of this command is not supported, as the rules
within an ACL cannot be deleted individually. Rather, the entire ACL must be deleted and
re-specified.
A rule may either deny or permit traffic according to the specified classification fields. At a
minimum, the source and destination MAC value and mask pairs must be specified, each of
which may be substituted using the keyword any to indicate a match on any value in that field.
The bpdu keyword may be specified for the destination MAC value/mask pair indicating a
well-known BPDU MAC value of 01-80-c2-xx-xx-xx (hex), where 'xx' indicates a don't care.
The remaining command parameters are all optional. The Ethertype may be specified as
either a keyword or a four-digit hexadecimal value from 0x0600-0xFFFF. The currently
supported values are: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast,
mplsucast, netbios, novell, pppoe, rarp. Each of these translates into its equivalent Ethertype
value(s). The assign-queue parameter allows specification of a particular hardware queue
for handling traffic that matches this rule. The allowed value is 0-(n-1), where n is
the number of user configurable queues available for the hardware platform. The redirect
parameter allows the traffic matching this rule to be forwarded to the specified .
The assign-queue and redirect parameters are only valid for a 'permit' rule.



Syntax

{deny|permit} {{ }| any | bpdu}
[ | <0x0600-0xFFFF>] [vlan {eq <1-3965>}] [cos <0-7>] [assign-queue
<0-6>] [redirect ]