Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/80
21222324252627282930
ServerIron Switching and Routing Guide
2 - 16 © 2012 Brocade Communications Systems, Inc. May 2012
NOTE: Once you define a MAC filter, the device drops Layer 2 traffic that does not match a MAC permit filter.
Additional Examples of Layer 2 MAC Filter Definitions
ServerIron(config)#mac filter 1 permit any any etype eq 0800
This filter configures the device to permit (forward) any inbound packet with the Ethertype field set to 0800 (IP).
ServerIron(config)#mac filter 2 deny 0080.0020.000 ffff.ffff.0000 any etype eq 0800
This filter configures the device to deny an inbound packet with the first four bytes set to 0800.0020.xxxx and an
EtherType field set to 0800 (IP). The destination field does not matter.
ServerIron(config)#mac filter 3 deny any 00e0.5200.1234 ffff.ffff.ffff snap eq 0800
This filter configures the device to deny any inbound IEEE 802.3 packet with a destination set to 00e0.5200.1234
and a SNAP EtherType set to 0800. The source address does not matter.
ServerIron(config)#mac filter 32 permit any any
This filter permits all packets. This filter is used as the last filter assigned in a filter-group that has previous deny
filters in the group.
Abbreviating the Address or Mask
Address and Mask abbreviations are allowed. However, be careful when configuring them. The default fill
character is a 0 and it will fill a byte range as left justified. This applies only to the MAC address and mask. A
range of frame types cannot be filtered. Each frame type must be entered. Here are some examples.
ServerIron(config)#mac filter 1 deny 0800.0700 ffff.ff00 any
This command expands to the following: mac filter 1 deny 0800.0700.0000 ffff.ff00.0000. The
filter shown above denied forwarding of an inbound frame that has the source address set to 080007 as the first
three bytes. All other information is not significant.
Here is another example of the fill feature:
ServerIron(config)#mac filter 2 deny 0260.8C00.0102 0.0.ffff any
This command expands to the following: mac filter 1 deny 0260.8C00.0102 0000.0000.ffff any
Since the fill character is 0's and the fill is left justified, certain filters will not allow for abbreviations. For example,
suppose you want to deny an inbound packet that contained a broadcast destination address. Enter the following
command:
ServerIron(config)#mac filter 5 deny any ff ff
This command contains a destination of address all F's and mask of F's. The command expands to the following:
ServerIron(config)#mac filter 1 deny any 00ff.0000.0000 00ff.0000.0000
Here is another example for DSAP and SSAP:
ServerIron(config)#mac filter 10 deny any any llc eq F0
This command expands to the following: mac filter 2 deny any any llc eq 00f0
If you want to filter on both the SSAP and DSAP, then the following example shows this:
ServerIron(config)#mac filter 4 deny any 0020.0010.1000 ffff.ffff.0000 llc eq e0e0
Setting the MAC Age Time
To set the aging period for all address entries in the switch or router address table, enter the following command:
ServerIron(config)#mac-age 600
Syntax: [no] mac-age-time <value>
The <value> is 0 – 65535 seconds. The default is 300 seconds. If you specify 0, the entries do not age.