Example - denying traffic from any mac address – Brocade Communications Systems RFS6000 User Manual
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
MAC Extended ACL config commands
16
Parameters
Usage Guidelines
The deny command disallows traffic based on layer 2 (data-link layer) data. The MAC access list
denies traffic from a particular source MAC address or any MAC address. It can also disallow traffic
from a list of MAC addresses based on the source mask.
The MAC access list can disallow traffic based on the VLAN and ethertype.
The most common ethertypes are:
• arp
• wisp
• ip
• 802.1q
NOTE
A MAC ACL always takes precedence over IP-based ACLs.
The last ACE in the access list is an implicit deny statement.
Whenever the interface receives a packet, its content is checked against all the ACEs in the ACL,
and it is allowed or denied based on the ACL configuration.
Example - denying traffic from any MAC address
The MAC ACL (in the example below) denies traffic from any source MAC address to a particular
host MAC address:
deny [
host
rule-precedence|type|vlan]}
Define a source and destination MAC address and mask
specifying the bits to match. The source and destination
wildcards can be any one of the following:
• [ address and mask in the format xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx
• any – Any source host
• host – Exact source MAC address to match
dot1p <0-7>
Determine an 802.1p priority value to match, in the range 0 to 7.
rule-precedence <1-5000>
Define an access-list entry precedence
type [8021q|<1-65535>|arp|appletalk|ip|ipv6|vlan|ipx|arp|wisp]
Set an ethertype value represented as an integer. Use
keywords for well-known ethertypes (IP, IPv6, ARP etc.)
• 8021q – VLAN Ether type (0x8100)
• <1-65535> – Ether protocol number
• aarp – AARP Ether Type (0x80F3)
• appletalk – APPLETALK Ether Type (0x809B)
• arp – ARP Ether Type (0x0806)
• ip – IP Ether Type (0x0800)
• ipv6 – IPv6 Ether Type (0x86DD)
• ipx – IPX Ether Type (0x8137)
• rarp – RARP Ether Type (0x8035)
• wisp – WISP Ether Type (0x8783)
vlan <1-4095>
Set a VLAN tag ID to match
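
The matching behaviour described in the usage guidelines and parameters above (source and destination wildcards, ethertype and VLAN filters, rule precedence, implicit deny), modelled as an added Python example; it is not Brocade code or CLI output. Assumed here, not stated on the page: a mask bit of 1 means the bit is compared, ACEs are tried in ascending rule-precedence with the first match winning, and the MAC addresses and the permit rule are constructed for illustration.

```python
# Added illustration of the MAC ACL matching described on this page.
# Assumptions: mask bit 1 = compare that bit; ACEs are tried in ascending
# rule-precedence and the first match wins. All addresses are constructed.
import re
from dataclasses import dataclass
from typing import Optional

ETHERTYPES = {"arp": 0x0806, "ip": 0x0800, "ipv6": 0x86DD, "wisp": 0x8783}

def mac_int(mac):
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}", mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)

def wildcard(spec):
    """Return (value, mask) for 'any', 'host <mac>' or '<mac>/<mask>'."""
    if spec == "any":
        return 0, 0
    if spec.startswith("host "):
        return mac_int(spec[5:]), 0xFFFFFFFFFFFF
    addr, mask = spec.split("/")
    return mac_int(addr), mac_int(mask)

@dataclass
class Ace:
    action: str                       # "permit" or "deny"
    src: str
    dst: str
    precedence: int                   # rule-precedence <1-5000>
    ethertype: Optional[int] = None   # None = any ethertype
    vlan: Optional[int] = None        # None = any VLAN

    def matches(self, src, dst, ethertype, vlan):
        for spec, mac in ((self.src, src), (self.dst, dst)):
            value, mask = wildcard(spec)
            if (mac_int(mac) ^ value) & mask:   # a compared bit differs
                return False
        return self.ethertype in (None, ethertype) and self.vlan in (None, vlan)

def evaluate(acl, src, dst, ethertype, vlan=None):
    for ace in sorted(acl, key=lambda a: a.precedence):
        if ace.matches(src, dst, ethertype, vlan):
            return ace.action
    return "deny"                     # implicit deny closes every access list

ACL = [  # constructed rules; the first mirrors "any source to one host MAC"
    Ace("deny", "any", "host 00:01:ae:00:22:11", 10),
    Ace("permit", "00:a0:f8:00:00:00/ff:ff:ff:00:00:00", "any", 20, ETHERTYPES["ip"]),
]
```

Frames that match no ACE, such as ARP from a permitted prefix in this rule set, fall through to the implicit deny, which is the usual reason a new MAC ACL silently blocks address resolution.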