Filter
Top Products
Configuring ACLs
78
NXA-ENET24 - Software Management Guide
Configuring a MAC ACL - CLI
This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where
the Ethernet type is 0800.
Configuring ACL Masks
You can specify optional masks that control the order in which ACL rules are checked. The switch includes
two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL.
You can also configure up to seven user-defined masks for an ingress or egress ACL. A mask must be bound
exclusively to one of the basic ACL types (i.e., Ingress IP ACL, Egress IP ACL, Ingress MAC ACL or Egress
MAC ACL), but a mask can be bound to up to four ACLs of the same type.
Command Usage
Up to seven entries can be assigned to an ACL mask.
Packets crossing a port are checked against all the rules in the ACL until a match is found. The
order in which these packets are checked is determined by the mask, and not the order in which the
ACL rules are entered.
First create the required ACLs and the ingress or egress masks before mapping an ACL to an
interface.
You must configure a mask for an ACL rule before you can bind it to a port or set the queue or
frame priorities associated with the rule.
Specifying the Mask Type
Use the ACL Mask Configuration page to edit the mask for the Ingress IP ACL (Egress IP ACL, Ingress MAC
ACL or Egress MAC ACL).
FIG. 77 Web - Configuring MAC ACLs
FIG. 78 CLI - Configuring MAC ACLs