beautypg.com

Deny (extended acls) – Brocade Network OS Command Reference v4.1.0 User Manual

Page 247

background image

Network OS Command Reference

209

53-1003115-01

deny (extended ACLs)

2

deny (extended ACLs)

Configures a MAC address rule to drop traffic based on the source and destination MAC
addresses.

Synopsis

deny {any | host MAC_ADDRESS | MAC_ADDRESS/mask] [any | host MAC_ADDRESS |
MAC_ADDRESS/mask] [EtherType | arp | fcoe | ipv4] [count] [log]}

no deny {any | host MAC_ADDRESS | MAC_ADDRESS] [any | host MAC_ADDRESS |
MAC_ADDRESS/mask] [EtherType | arp | fcoe | ipv4}

Operands

any

Specifies any source MAC address.

host MAC_ADDRESS Specifies the source host MAC address for which to set deny conditions.

Use the format HHHH.HHHH.HHHH.

MAC_ADDRESS

Specifies the destination host MAC address for which to set deny
conditions. Use the format HHHH.HHHH.HHHH.

mask

Specifies the mask for the associated host MAC address.

any

Specifies any destination MAC address.

host MAC_ADDRESS Specifies the source host address for which to set deny conditions. Use the

format HHHH.HHHH.HHHH.

MAC_ADDRESS

Specifies the destination host address for which to set deny conditions.
Use the format HHHH.HHHH.HHHH.

EtherType

Specifies the protocol number for which to set the deny conditions. Valid
values range from 1536 through 65535.

arp

Specifies to deny the Address Resolution Protocol (0x0806).

fcoe

Specifies to deny the Fibre Channel over Ethernet Protocol (0x8906).

ipv4

Specifies to deny the IPv4 protocol (0x0800).

count

Enables counting of the packets matching the rule.

log

Enables the logging feature.

Defaults

No MAC addresses are subjected to traffic dropping.

Command Modes

Feature Access Control List configuration mode

Description

Use this command to configure rules to match and drop traffic based on the source and
destination MAC addresses and the protocol type. You can also enable counters for a specific rule.
The counters supported per port group vary based on platform.

Usage Guidelines

The first set of [any | host MAC_ADDRESS | MAC_ADDRESS] parameters is specific to the source
MAC address. The second set of [any | host MAC_ADDRESS | MAC_ADDRESS] parameters is
specific to the destination MAC address.

See also other documents in the category Brocade Computer Accessories: