Viewing Layer 2 ACLs, Example of Layer 2 ACL deny by MAC address – Brocade BigIron RX Series Configuration Guide User Manual
BigIron RX Series Configuration Guide
53-1002484-04
Viewing Layer 2 ACLs
Use the show access-list command to monitor configuration and statistics and to diagnose Layer 2
ACL tables. The following shows an example output.
BigIron RX(config)# show access-list 400
L2 MAC Access List 400:
permit any any 100 etype ipv4
deny any any any etype arp
Syntax: show access-list <number>
The <number> parameter specifies the Layer 2 ACL table ID.
Example of Layer 2 ACL deny by MAC address
In the following example, an ACL is created that denies all traffic from the host with the MAC
address 0012.3456.7890 being sent to the host with the MAC address 0011.2233.4455.
BigIron RX(config)# access-list 401 deny 0012.3456.7890 ffff.ffff.ffff 0011.2233.4455 ffff.ffff.ffff
BigIron RX(config)# access-list 401 permit any any
Using the mask, you can make the access list apply to a range of addresses. For instance, if you
changed the mask applied to the source address 0012.3456.7890 in the previous example from
ffff.ffff.ffff to ffff.ffff.fff0, all hosts with addresses from 0012.3456.7890 to 0012.3456.789f
would be blocked. The configuration for this example is shown below.
BigIron RX(config)# access-list 401 deny 0012.3456.7890 ffff.ffff.fff0 0011.2233.4455 ffff.ffff.ffff
BigIron RX(config)# access-list 401 permit any any
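To check which hosts an address and mask pair actually covers before applying an entry, the matching can be modelled offline. The following Python is an added example, not part of the Brocade guide or the device software; it assumes a 1 bit in the mask means the corresponding address bit must match (as the range in the example above implies), first-match rule evaluation, and a deny when no entry matches. All function names are hypothetical.

```python
# Added example: models address/mask matching for the Layer 2 ACL entries above.
# Assumption: a 1 bit in the mask means "this bit of the address must match".

def mac_to_int(mac):
    """Parse dotted-hex notation (e.g. 0012.3456.7890) into a 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return int(digits, 16)

def int_to_mac(value):
    h = "%012x" % value
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def matches(mac, addr, mask):
    m = mac_to_int(mask)
    return (mac_to_int(mac) & m) == (mac_to_int(addr) & m)

def covered_range(addr, mask):
    """Return (first, last, host count); valid for contiguous masks only."""
    m = mac_to_int(mask)
    wildcard = ~m & 0xFFFFFFFFFFFF
    if wildcard & (wildcard + 1):
        raise ValueError("mask is not contiguous; matched set is not one range")
    low = mac_to_int(addr) & m
    return int_to_mac(low), int_to_mac(low | wildcard), wildcard + 1

ANY = ("0000.0000.0000", "0000.0000.0000")  # all-zero mask matches every address

def evaluate(rules, src, dst):
    """First matching entry decides; no match is treated as deny (assumption)."""
    for action, (s_addr, s_mask), (d_addr, d_mask) in rules:
        if matches(src, s_addr, s_mask) and matches(dst, d_addr, d_mask):
            return action
    return "deny"

# ACL 401 with the source mask widened to ffff.ffff.fff0, as described in the text.
ACL_401_RANGE = [
    ("deny", ("0012.3456.7890", "ffff.ffff.fff0"), ("0011.2233.4455", "ffff.ffff.ffff")),
    ("permit", ANY, ANY),
]

if __name__ == "__main__":
    # Compare how many source hosts each mask covers before committing the entry.
    for mask in ("ffff.ffff.ffff", "ffff.ffff.fff0", "ffff.ffff.fffe"):
        print(mask, covered_range("0012.3456.7890", mask))
    print(evaluate(ACL_401_RANGE, "0012.3456.789a", "0011.2233.4455"))
```

A mask of ffff.ffff.fff0 covers 16 source addresses, while ffff.ffff.fffe covers only 0012.3456.7890 and 0012.3456.7891, so a one-digit difference in the mask changes which hosts the deny entry blocks.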