3 mac access-list – Fortinet MR1 User Manual
Syntax
mac access-list extended rename
Default Setting
None
Command Mode
Global Config
5.13.2.3 mac access-list
This command creates a new rule for the current MAC access list. Each rule is appended to
the list of configured rules for the list. Note that an implicit 'deny all' MAC rule always
terminates the access list. Note: The 'no' form of this command is not supported, as the rules
within an ACL cannot be deleted individually. Rather, the entire ACL must be deleted and
re-specified.
A rule may either deny or permit traffic according to the specified classification fields. At a
minimum, the source and destination MAC value and mask pairs must be specified, each of
which may be substituted using the keyword any to indicate a match on any value in that field.
The bpdu keyword may be specified for the destination MAC value/mask pair indicating a
well-known BPDU MAC value of 01-80-c2-xx-xx-xx (hex), where 'xx' indicates a don't care.
The remaining command parameters are all optional. The Ethertype may be specified as
either a keyword or a four-digit hexadecimal value from 0x0600-0xFFFF. The currently
supported
mplsucast, netbios, novell, pppoe, rarp. Each of these translates into its equivalent Ethertype
value(s). The assign-queue parameter allows specification of a particular hardware queue
for handling traffic that matches this rule. The allowed
the number of user configurable queues available for the hardware platform. The redirect
parameter allows the traffic matching this rule to be forwarded to the specified
The assign-queue and redirect parameters are only valid for a 'permit' rule.
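The matching behaviour described above, as an added Python model (not Fortinet code). It assumes rules are evaluated in order with the first match winning. Masks are modelled as "care" bits, which is a choice made for this sketch and not necessarily the CLI's mask encoding. The function names and sample addresses are constructed for illustration.

```python
# Added illustration: a model of MAC ACL evaluation, not the switch's implementation.
BPDU_VALUE = bytes.fromhex("0180c2000000")  # 01-80-c2-xx-xx-xx
BPDU_CARE = bytes.fromhex("ffffff000000")   # the 'xx' octets are don't-care

def parse_mac(text):
    """Parse 'aa-bb-cc-dd-ee-ff' or 'aa:bb:cc:dd:ee:ff' into 6 bytes."""
    raw = bytes.fromhex(text.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return raw

def mac_field(spec):
    """Return (value, care_bits) for 'any', 'bpdu', or a (mac, care) pair."""
    if spec == "any":
        return bytes(6), bytes(6)           # no bits compared: matches everything
    if spec == "bpdu":
        return BPDU_VALUE, BPDU_CARE
    value, care = spec
    return parse_mac(value), parse_mac(care)

def field_matches(mac, field):
    value, care = field
    return all((m & c) == (v & c) for m, v, c in zip(mac, value, care))

def make_rule(action, src, dst, ethertype=None):
    """Source and destination are mandatory; the Ethertype is optional."""
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    if ethertype is not None and not 0x0600 <= ethertype <= 0xFFFF:
        raise ValueError("Ethertype must be in 0x0600-0xFFFF")
    return (action, mac_field(src), mac_field(dst), ethertype)

def evaluate(rules, src, dst, ethertype):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    src, dst = parse_mac(src), parse_mac(dst)
    for index, (action, s, d, etype) in enumerate(rules, start=1):
        if field_matches(src, s) and field_matches(dst, d) and etype in (None, ethertype):
            return action, index
    return "deny", None                     # implicit 'deny all' ends every list

# Constructed sample list: drop BPDUs, permit IPv4 from one (made-up) OUI.
ACL = [
    make_rule("deny", "any", "bpdu"),
    make_rule("permit", ("00-11-22-00-00-00", "ff-ff-ff-00-00-00"), "any", 0x0800),
]
```

Any frame that no configured rule matches, such as ARP (0x0806) from the permitted OUI in this sample list, falls through to the implicit deny, so a list intended to block only a few flows needs an explicit trailing permit rule.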
Syntax
{deny|permit} {{
[
<0-6>] [redirect