Intel SBCEGBESW10 CLI Switch User Manual


 
ACL Commands
Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide 49
Parameters
disable-port — Indicates that the port is disabled if the statement is deny.
source — Specifies the MAC address of the host from which the packet was sent.
source-wildcard — (Optional for the first type) Specifies wildcard bits by placing 1s
in bit positions to be ignored.
destination — Specifies the MAC address of the host to which the packet is being
sent.
destination-wildcard — (Optional for the first type) Specifies wildcard bits by placing
1s in bit positions to be ignored.
vlan-id — Specifies the ID of the packet vlan.
cos — Specifies the packets’s Class of Service (CoS).
cos-wildcard — Specifies wildcard bits to be applied to the CoS.
eth-type — Specifies the packet’s Ethernet type.
Default Configuration
This command has no default configuration.
Command Mode
MAC-Access List Configuration mode
User Guidelines
MAC BPDU packets cannot be denied.
This command defines an Access Control Element (ACE). An ACE can only be removed
by deleting the ACL, using the
no mac access-list Global Configuration mode command.
Alternatively, the Web-based interface can be used to delete ACEs from an ACL.
Before an Access Control Element (ACE) is added to an ACL, all packets are permitted.
After an ACE is added, an implied
deny-any-any condition exists at the end of the list
and those packets that do not match the conditions defined in the permit statement are
denied.
If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.
Example
The following example shows how to create a MAC ACL with deny rules on a device.
Console(config)#
mac access-list
macl1
Console (config-mac-acl)#
deny
6:6:6:6:6:6:0:0:0:0:0:0
any