Permit (mac), Deny (mac), Permit (mac) deny (mac) – Allied Telesis AT-S94 CLI (AT-8000S Series) User Manual

Page 35

Allied Telesis
AT-8000S-S94-3.0 Command Line Interface User’s Guide

Example

The following example creates a MAC ACL.

permit (MAC)

The permit MAC-Access List Configuration mode command sets permit conditions for a MAC-Access List.

Syntax

permit {any | {source source-wildcard} any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-
wildcard] [ethtype eth-type]

Parameters
•

source — Source MAC address of the packet.

•

source-wildcard — Wildcard bits to be applied to the source MAC address. Use 1s in the bit position to be

ignored.

•

destination — Destination MAC address of the packet.

•

destination-wildcard — Specifies wildcard bits to be applied to the destination MAC address. Use 1s in bit

positions to be ignored.

•

vlan-id — Specifies the ID of the packet VLAN.

•

cos — Specifies the Class of Service (CoS) for the packet. (Range: 0-7)

•

cos-wildcard — Specifies wildcard bits to be applied to the CoS.

•

eth-type — Specifies the Ethernet type in hexadecimal format of the packet. (Range: 0-05dd-fff)

Default Configuration

No MAC ACL is defined.

Command Mode

MAC-Access List Configuration mode

User Guidelines
•

Enter IP-Access List configuration mode by using the MAC access-list Global Configuration mode command.

•

After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition

exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first
ACE is added, the list permits all packets.

Example

The following example creates a MAC ACL with permit rules.

deny (MAC)

The deny MAC-Access List Configuration mode command sets deny conditions for an MAC-Access List.

console(config)# mac access-list macl-acl1

console(config-mac-al)#

console(config)# mac access-list macl-acl1

console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6