Mac address filters command syntax – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

MAC address filters command syntax

To configure and apply a MAC address filter, enter commands such as the following.

device(config)# mac filter 1 deny 0000.0075.3676 ffff.0000.0000
device(config)# mac filter 2 deny any ffff.ffff.ffff ffff.ffff.ffff
device(config)# mac filter 3 deny any 0180.c200.0000 ffff.ffff.fff0
device(config)# mac filter 4 deny any 0000.0034.5678 ffff.ffff.ffff
device(config)# mac filter 5 deny any 0000.0045.6789 ffff.ffff.ffff
device(config)# mac filter 1024 permit any any
device(config)# int e 1
device(config-if-e1000-1)# mac filter-group 1 to 5 1024

These commands configure filter 1 to deny traffic with a source MAC address that begins with "3565"
to any destination, and configure filters 2 through 5 to deny traffic with the specified destination MAC
addresses. Filter 1024 permits all traffic that is not denied by any other filter.

NOTE
Once you apply a MAC address filter to a port, the device drops all Ethernet traffic on the port that
does not match a MAC permit filter on the port.

Syntax: [no] mac filter filter-num { permit | deny } [ src-mac mask | any ] [ dest-mac mask | any ]

You can configure up to 507 MAC filters for filter-num. The default value is 512.

The permit or deny argument determines the action the software takes when a match occurs.

The src-mac mask | any parameter specifies the source MAC address. You can enter a specific
address value and a comparison mask or the keyword any to filter on all MAC addresses. Specify the
mask using f (ones) and zeros. For example, to match on the first two bytes of the address
aabb.ccdd.eeff, use the mask ffff.0000.0000. In this case, the filter matches on all MAC addresses that
contain "aabb" as the first two bytes. The filter accepts any value for the remaining bytes of the MAC
address. If you specify any, do not specify a mask. In this case, the filter matches on all MAC
addresses.

The dest-mac mask | any parameter specifies the destination MAC address. The syntax rules are the
same as those for the src-mac mask | any parameter.

Syntax: [no] mac filter log-enable

Globally enables logging for filtered packets.

Syntax: [no] mac filter-group log-enable

Enables logging for filtered packets on a specific port.

Syntax: [no] mac filter-group filter-number [ to filter-number | filter-number ... ]

Applies MAC address filters to a port.

When applying the filter-group to the interface, specify each line to be applied separately or use the to
keyword to apply a consecutive range of filter lines, for example, 1 3 to 8 10.

NOTE
The filters must be applied as a group. For example, if you want to apply four filters to an interface,
they must all appear on the same command line.
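
The mask comparison, the filter-group range syntax and the drop-on-no-match behavior from the notes above, modelled in Python as an added example (not code from the guide or from the switch software). Checking filters in group order with the first match deciding, and treating an omitted destination as any, are assumptions; the filter lines are the ones shown on this page.

```python
# Added example: model of MAC filter matching, not Brocade code.
# Assumption: filters are checked in filter-group order and the first match decides.

def mac_int(mac):
    """'0180.c200.0000' -> 48-bit integer."""
    return int(mac.replace(".", ""), 16)

def parse_filter(line):
    """Parse 'mac filter N permit|deny <src mask | any> [<dest mask | any>]'."""
    tok = line.split()
    rest, fields = tok[4:], []
    while rest:
        n = 1 if rest[0] == "any" else 2          # 'any' takes no mask
        fields.append((0, 0) if n == 1 else (mac_int(rest[0]), mac_int(rest[1])))
        rest = rest[n:]
    fields += [(0, 0)] * (2 - len(fields))        # omitted destination = any (assumption)
    return int(tok[2]), (tok[3], fields[0], fields[1])

def expand_group(spec):
    """'1 3 to 8 10' -> [1, 3, 4, 5, 6, 7, 8, 10]."""
    tok, out, i = spec.split(), [], 0
    while i < len(tok):
        if i + 2 < len(tok) and tok[i + 1] == "to":
            out.extend(range(int(tok[i]), int(tok[i + 2]) + 1))
            i += 3
        else:
            out.append(int(tok[i]))
            i += 1
    return out

def matches(addr, field):
    """Compare only the bits selected by the mask (f = compare, 0 = ignore)."""
    value, mask = field
    return (mac_int(addr) & mask) == (value & mask)

def evaluate(filters, group, src, dst):
    """Return (action, filter number); a frame matching no filter is dropped."""
    for num in expand_group(group):
        action, s, d = filters[num]
        if matches(src, s) and matches(dst, d):
            return action, num
    return "deny", None                           # no permit filter matched

FILTERS = dict(parse_filter(line) for line in [
    "mac filter 1 deny 0000.0075.3676 ffff.0000.0000",
    "mac filter 2 deny any ffff.ffff.ffff ffff.ffff.ffff",
    "mac filter 3 deny any 0180.c200.0000 ffff.ffff.fff0",
    "mac filter 4 deny any 0000.0034.5678 ffff.ffff.ffff",
    "mac filter 5 deny any 0000.0045.6789 ffff.ffff.ffff",
    "mac filter 1024 permit any any",
])
```

Calling evaluate(FILTERS, "1 to 5", ...) for a frame that none of filters 1 to 5 match returns ("deny", None), which is why the example configuration ends the group with filter 1024.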


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03