ACL Commands
48 Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide
• destination — Specifies the MAC address of the host to which the packet is being
sent.
• destination-wildcard — Specifies wildcard bits to be applied to the destination MAC
address. Use 1s in bit positions to be ignored.
• vlan-id — Specifies the ID of the packet vlan. (Range: 0-4095)
• cos — Specifies the Class of Service (CoS) for the packet. (Range: 0-7)
• cos-wildcard — Specifies wildcard bits to be applied to the CoS.
• eth-type — Specifies the Ethernet type of the packet .(Range: 0-65535)
Default Configuration
No MAC ACL is defined.
Command Mode
MAC-Access List Configuration mode
User Guidelines
Before an Access Control Element (ACE) is added to an ACL, all packets are permitted.
After an ACE is added, an implied
deny-any-any condition exists at the end of the list
and those packets that do not match the conditions defined in the permit statement are
denied.
If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.
Example
The following example shows how to create a MAC ACL with permit rules.
deny (MAC)
The deny MAC-Access List Configuration mode command denies traffic if the conditions
defined in the deny statement match.
Syntax
deny [disable-port] {any | {source source-wildcard} {any | {destination destination-
wildcard
}}[vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type]
Console(config)#
mac access-list
macl-acl1
Console(config-mac-al)#
permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6