Deny (standard acls) – Brocade Network OS Command Reference v4.1.0 User Manual

Page 249

Network OS Command Reference

211

53-1003115-01

deny (standard ACLs)

Configures a MAC address rule to drop traffic based on the source MAC address.

Synopsis

deny {MAC_ADDRESS/mask | any} [count]

no deny {MAC_ADDRESS/mask | any}

Operands

MAC_ADDRESS

Specifies the source host MAC address for which to set deny conditions.
The correct format is: HHHH.HHHH.HHHH.

mask

Specifies the mask for the associated host MAC address.

any

Specifies any source MAC address.

count

Enables counting of the packets matching the rule.

Defaults

No MAC ACLs are subjected to traffic dropping.

Command Modes

Feature Access Control List configuration mode

Description

Use this command to configure rules to match and to drop traffic based on the source MAC
address. You can also enable counters for a specific rule. 255 ACL counters are supported per
port group.

Usage Guidelines

The first set of [any | host MAC_ADDRESS | MAC_ADDRESS] parameters is specific to the source
MAC address. The second set of [any | host MAC_ADDRESS | MAC_ADDRESS] parameters is
specific to the destination MAC address.

•

The order of the rules in an ACL is critical. The first rule that matches the traffic stops further
processing of the frames. Rules containing specific information should be listed first, followed
by rules that contain more general information.

•

Enter no deny any to deny any rule that was added earlier.

•

Enter no deny any to deny any rule that was added earlier.

•

Enter no deny followed by a specific address to remove traffic dropping for a from the
specified MAC address.

Examples

To create a rule in a MAC standard ACL to drop traffic from the source MAC address
0022.3333.4444 and to enable the counting of packets:

switch(conf-macl-std)# deny 0022.3333.4444/255.255.0.0 count

To delete a rule from a MAC standard ACL:

switch(conf-macl-std)# no deny 0022.3333.4444/255.255.0.0