Dell FCX624-E Laptop User Manual


  Open as PDF
of 1494
 
PowerConnect B-Series FCX Configuration Guide 317
53-1002266-01
Defining MAC address filters
9
PowerConnect(config)# mac filter 3 deny any 0180.c200.0000 ffff.ffff.fff0
PowerConnect(config)# mac filter 4 deny any 0000.1234.5678 ffff.ffff.ffff
PowerConnect(config)# mac filter 5 deny any 0000.2345.6789 ffff.ffff.ffff
PowerConnect(config)# mac filter 1024 permit any any
PowerConnect(config)# int e 1
PowerConnect(config-if-e1000-1)# mac filter-group 1 to 5 1024
These commands configure filter 1 to deny traffic with a source MAC address that begins with
“3565” to any destination, and configure filters 2 through 5 to deny traffic with the specified
destination MAC addresses. Filter 1024 permits all traffic that is not denied by any other filter.
NOTE
Once you apply a MAC address filter to a port, the device drops all Ethernet traffic on the port that
does not match a MAC permit filter on the port.
Syntax: [no] mac filter <filter-num> permit | deny <src-mac> <mask> | any <dest-mac> <mask |
any
The permit | deny argument determines the action the software takes when a match occurs.
The <src-mac> <mask> | any parameter specifies the source MAC address. You can enter a
specific address value and a comparison mask or the keyword any to filter on all MAC addresses.
Specify the mask using f (ones) and zeros. For example, to match on the first two bytes of the
address aabb.ccdd.eeff, use the mask ffff.0000.0000. In this case, the filter matches on all MAC
addresses that contain "aabb" as the first two bytes. The filter accepts any value for the remaining
bytes of the MAC address. If you specify any, do not specify a mask. In this case, the filter matches
on all MAC addresses.
The <dest-mac> <mask> | any parameter specifies the destination MAC address. The syntax rules
are the same as those for the <src-mac> <mask> | any parameter.
Syntax: [no] mac filter log-enable
Globally enables logging for filtered packets.
Syntax: [no] mac filter-group log-enable
Enables logging for filtered packets on a specific port.
Syntax: [no] mac filter-group <filter-number> [to <filter-number> | <filter-number>...]
Applies MAC address filters to a port.
When applying the filter-group to the interface, specify each line to be applied separately or use the
to keyword to apply a consecutive range of filter lines, for example, 1 3 to 8 10.
NOTE
The filters must be applied as a group. For example, if you want to apply four filters to an interface,
they must all appear on the same command line.
NOTE
You cannot add or remove individual filters in the group. To add or remove a filter on an interface,
apply the filter group again containing all the filters you want to apply to the port.
NOTE
If you apply a filter group to a port that already has a filter group applied, the older filter group is
replaced by the new filter group.