Deny – Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
53-1001945-01
MAC Extended ACL Config Commands
deny
Use this command to specify packets to reject.
NOTE
Use a decimal value representation of ethertypes to implement a permit/deny/mark designation for a packet. The command set for Extended MAC ACLs provides hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of a listed ethertype or of any other ethertype.
Syntax
{deny} {any|host source MAC address|source MAC/source MAC address mask}
{any|host destination MAC address|destination MAC/destination MAC address mask}
[vlan vlan-id] [dot1p dot1p-value] [type value|ip|ipv6|arp||wisp | 0-65535] [log]
[rule-precedence access-list-entry precedence]
Parameters

Source Mask
    Bit mask specifying the bits to match. Source wildcard can be any one of the following:
    • xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx – Source MAC address and mask.
    • any – Any source host.
    • host – Exact source MAC address to match.

Destination Mask
    Bit mask specifying the bits to match. Destination wildcard can be any one of the following:
    • xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx – Destination MAC address and mask.
    • any – Any destination host.
    • host – Exact destination MAC address to match.

dot1p <0-7>
    802.1p priority value to match.

rule-precedence <1-5000>
    Access-list entry precedence.

type (8021q|<1-65535>aarp|apple-talk||arp|ip|ipv6|ipx|rarp||wisp) (rule-precedence)
    Ethertype value represented as an integer, or as a keyword for well-known ethertypes such as IP, IPv6 and ARP.

vlan <1-4095>
    VLAN tag ID to match.

Usage Guidelines

The deny command disallows traffic based on layer 2 (data-link layer) information. The MAC access list denies traffic from a particular source MAC address or any MAC address. It also has an option to disallow traffic from a list of MAC addresses based on the source mask.

The MAC access list can be configured to disallow traffic based on VLAN information and Ethernet type.

The most common Ethernet types are:
• aarp
• apple-talk
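
The following Python sketch is an added example, not part of the Brocade guide: it lists which addresses in an inventory a source MAC/mask deny entry would cover and renders the entry with the ethertype converted from hexadecimal to decimal, as the NOTE requires. It assumes that a set mask bit means the corresponding address bit must match; the function names and the sample addresses are constructed for illustration.

```python
# Added example (not from the Brocade guide). Assumption: a set mask bit
# means the frame's bit must equal the rule's bit ("the bits to match").

def mac_to_int(mac: str) -> int:
    """Parse xx:xx:xx:xx:xx:xx into a 48-bit integer."""
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(octets), 16)

def mask_matches(rule_mac: str, mask: str, frame_mac: str) -> bool:
    """True when frame_mac agrees with rule_mac on every bit set in mask."""
    m = mac_to_int(mask)
    return (mac_to_int(rule_mac) & m) == (mac_to_int(frame_mac) & m)

def covered(rule_mac: str, mask: str, inventory: list[str]) -> list[str]:
    """Inventory addresses the rule would deny; review before deploying."""
    return [mac for mac in inventory if mask_matches(rule_mac, mask, mac)]

def ethertype_decimal(hex_value: str) -> int:
    """Convert a hexadecimal ethertype (e.g. '0x0806') to decimal."""
    value = int(hex_value, 16)
    if not 0 <= value <= 65535:
        raise ValueError(f"ethertype out of range: {hex_value}")
    return value

def deny_rule(src_mac, src_mask, ethertype_hex, vlan, precedence) -> str:
    """Render a deny line in the order given under Syntax (destination: any)."""
    if not 1 <= vlan <= 4095:
        raise ValueError("vlan must be 1-4095")
    if not 1 <= precedence <= 5000:
        raise ValueError("rule-precedence must be 1-5000")
    return (f"deny {src_mac}/{src_mask} any vlan {vlan} "
            f"type {ethertype_decimal(ethertype_hex)} log "
            f"rule-precedence {precedence}")

# Constructed sample inventory (locally administered addresses).
INVENTORY = [
    "02:00:00:10:20:30",
    "02:00:00:ff:ff:ff",
    "02:00:01:10:20:30",
    "06:00:00:10:20:30",
]

if __name__ == "__main__":
    print(deny_rule("02:00:00:00:00:00", "ff:ff:ff:00:00:00", "0x0806", 10, 20))
    for mac in covered("02:00:00:00:00:00", "ff:ff:ff:00:00:00", INVENTORY):
        print("would be denied:", mac)
```

Running the coverage check against a real address inventory before applying a masked entry shows whether the mask is broader than intended.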