Brocade Communications Systems RFS7000 Network Router User Manual


 
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
MAC Extended ACL config commands
Parameters

deny [<MAC/Mask>|any|host <MAC>] [<MAC/Mask>|any|host <MAC>] {[dot1p|rule-precedence|type|vlan]}
    Define a source and destination MAC address and mask specifying the bits to match. The source and destination wildcards can be any one of the following:
    [<MAC/Mask>|any|host <MAC>] – Source MAC address and mask in the format xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx
    any – Any source host
    host – Exact source MAC address to match

dot1p <0-7>
    Set an 802.1p priority value to match. <priority> is in the range 0 to 7.

rule-precedence <1-5000>
    Define an access-list entry precedence.

type [8021q|<1-65535>|arp|appletalk|ip|ipv6|vlan|ipx|arp|wisp]
    Set an ethertype value represented as an integer. Use keywords for well-known ethertypes (IP, IPv6, ARP etc.)
    8021q – VLAN Ether Type (0x8100)
    <1-65535> – Ether protocol number
    aarp – AARP Ether Type (0x80F3)
    appletalk – APPLETALK Ether Type (0x809B)
    arp – ARP Ether Type (0x0806)
    ip – IP Ether Type (0x0800)
    ipv6 – IPv6 Ether Type (0x86DD)
    ipx – IPX Ether Type (0x8137)
    rarp – RARP Ether Type (0x8035)
    wisp – WISP Ether Type (0x8783)

vlan <1-4095>
    Set a VLAN tag ID to match.

Usage Guidelines

The deny command disallows traffic based on layer 2 (data-link layer) data. The MAC access list denies traffic from a particular source MAC address or any MAC address. It can also disallow traffic from a list of MAC addresses based on the source mask.

The MAC access list can disallow traffic based on the VLAN and ethertype.

The most common ethertypes are:
    arp
    wisp
    ip
    802.1q

NOTE
A MAC ACL always takes precedence over IP-based ACLs.

The last ACE in the access list is an implicit deny statement. Whenever the interface receives a packet, its content is checked against all the ACEs in the ACL. The packet is allowed or denied based on the ACL configuration.

Example - denying traffic from any MAC address

The MAC ACL (in the example below) denies traffic from any source MAC address to a particular host MAC address:
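
The evaluation behaviour in the usage guidelines (each packet checked against the ACEs, with an implicit deny as the last ACE) can be modelled as follows. This Python model is an added example, not code from the Brocade manual or firmware; the permit action, first-match evaluation in ascending rule-precedence order, and the mask convention (1 bits must match) are assumptions, and all MAC addresses are constructed.

```python
ETHERTYPES = {"8021q": 0x8100, "aarp": 0x80F3, "appletalk": 0x809B,
              "arp": 0x0806, "ip": 0x0800, "ipv6": 0x86DD,
              "ipx": 0x8137, "rarp": 0x8035, "wisp": 0x8783}

def mac_int(mac):
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int("".join(octets), 16)

def mac_matcher(spec):
    """Compile 'any', 'host <MAC>' or '<MAC>/<Mask>' into a predicate."""
    if spec == "any":
        return lambda mac: True
    if spec.startswith("host "):
        addr, mask = mac_int(spec[5:]), (1 << 48) - 1
    else:
        addr, mask = map(mac_int, spec.split("/"))
    # Assumption: a 1 bit in the mask marks a bit that must match.
    return lambda mac: mac_int(mac) & mask == addr & mask

def parse_ace(line):
    action, *tok = line.split()
    matchers = []
    for _ in range(2):                      # source first, then destination
        n = 2 if tok[0] == "host" else 1
        matchers.append(mac_matcher(" ".join(tok[:n])))
        tok = tok[n:]
    opts = dict(zip(tok[0::2], tok[1::2]))  # remaining keyword/value pairs
    etype = opts.get("type")
    if etype is not None:
        etype = ETHERTYPES.get(etype) or int(etype)
    vlan = int(opts["vlan"]) if "vlan" in opts else None
    prec = int(opts.get("rule-precedence", 5000))  # assumption: unset sorts last
    return prec, action, matchers, etype, vlan

def evaluate(acl, src, dst, etype, vlan):
    # Assumption: lowest rule-precedence is checked first, first match wins.
    for _, action, (m_src, m_dst), want_type, want_vlan in sorted(
            map(parse_ace, acl), key=lambda ace: ace[0]):
        if (m_src(src) and m_dst(dst) and want_type in (None, etype)
                and want_vlan in (None, vlan)):
            return action
    return "deny"                           # implicit deny closes every ACL

# Constructed sample ACLs and addresses (not taken from the manual).
DENY_ONLY = ["deny any host 00:11:22:33:44:55 rule-precedence 10"]
WITH_PERMIT = DENY_ONLY + [
    "permit 02:aa:bb:00:00:00/ff:ff:ff:00:00:00 any type ip vlan 20 rule-precedence 20"]
```

Under these assumptions, an ACL that holds only deny entries blocks every frame, so traffic that should pass needs an explicit permit entry ahead of the implicit deny.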