Converged Enhanced Ethernet Command Reference 111
53-1002508-01
permit (extended ACLs)
Configures a MAC address rule to permit traffic based on the source and destination MAC
addresses.
Synopsis permit {any | host MAC_ACL | MAC_ACL} {any | host MAC_ACL | MAC_ACL} {EtherType | arp | fcoe | ipv4} [count]
no permit {any | host MAC_ACL | MAC_ACL} {any | host MAC_ACL | MAC_ACL} {EtherType | arp | fcoe | ipv4}
Operands
any             Specifies any source MAC address.
host MAC_ACL    Specifies a host-specific source MAC address for which to set permit conditions. Use the format HHHH.HHHH.HHHH.
MAC_ACL         Specifies any MAC address for which to set permit conditions. Use the format HHHH.HHHH.HHHH.
any             Specifies any destination MAC address.
host MAC_ACL    Specifies a host-specific destination MAC address for which to set permit conditions. Use the format HHHH.HHHH.HHHH.
MAC_ACL         Specifies any host address for which to set permit conditions. Use the format HHHH.HHHH.HHHH.
EtherType       Specifies the protocol number for which to set the permit conditions. The range of valid values is from 1536 through 65535.
arp             Specifies to permit the Address Resolution Protocol (0x0806).
fcoe            Specifies to permit the Fibre Channel over Ethernet Protocol (0x8906).
ipv4            Specifies to permit the IPv4 protocol (0x0800).
count           Enables counting of the packets matching the filter rule.
Defaults By default, no MAC ACLs are configured.
Command Modes Feature Access Control List configuration mode
Description Use this command to configure rules to match and to permit traffic based on the source and
destination MAC addresses, and the protocol type. You can also enable counters for a specific rule.
There are 255 ACL counters supported per port group. Use the no permit command to remove a
rule from the MAC ACL.
Usage Guidelines The first set of {any | host MAC_ACL | MAC_ACL} parameters is specific to the source MAC
address. The second set of {any | host MAC_ACL | MAC_ACL} parameters is specific to the
destination MAC address.
Examples To create a rule in an extended MAC ACL to permit IPv4 traffic from the source MAC address
0022.3333.4444 to the destination MAC address 0022.3333.5555 and to enable the counting of
packets:
switch(conf-macl-ext)#permit 0022.3333.4444 0022.3333.5555 ipv4 count
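
The following Python sketch is an added example, not part of the Brocade manual: it checks permit rules from a saved configuration against the Synopsis and Operands above and flags rules worth a second look during an ACL review. The function names, the decimal-only EtherType input and the audit policy are assumptions made for illustration.

```python
import re

# Keyword-to-EtherType values as listed under Operands on this page.
KEYWORDS = {"arp": 0x0806, "fcoe": 0x8906, "ipv4": 0x0800}
MAC_RE = re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}")  # HHHH.HHHH.HHHH

def _take_address(tokens):
    """Consume one {any | host MAC_ACL | MAC_ACL} group from the token list."""
    tok = tokens.pop(0) if tokens else ""
    if tok == "any":
        return "any"
    if tok == "host":
        tok = tokens.pop(0) if tokens else ""
    if not MAC_RE.fullmatch(tok):
        raise ValueError(f"bad MAC operand {tok!r}, expected HHHH.HHHH.HHHH")
    return tok.lower()

def parse_permit(line):
    """Parse one permit rule into a dict (hypothetical helper, not a Brocade API)."""
    tokens = line.split("#", 1)[-1].split()  # drop a leading CLI prompt, if any
    if not tokens or tokens.pop(0) != "permit":
        raise ValueError("not a permit rule")
    src, dst = _take_address(tokens), _take_address(tokens)
    proto = tokens.pop(0) if tokens else ""
    if proto in KEYWORDS:
        ethertype = KEYWORDS[proto]
    elif proto.isdecimal() and 1536 <= int(proto) <= 65535:  # assumed decimal
        ethertype = int(proto)
    else:
        raise ValueError(f"bad EtherType {proto!r}, expected 1536-65535 or keyword")
    if tokens not in ([], ["count"]):
        raise ValueError(f"unexpected trailing operands {tokens!r}")
    return {"src": src, "dst": dst, "ethertype": ethertype, "count": bool(tokens)}

def audit(rule):
    """Review notes for a parsed rule; the policy is constructed for this example."""
    notes = []
    if rule["src"] == "any" and rule["dst"] == "any":
        notes.append("permits every source and destination MAC for this EtherType")
    if not rule["count"]:
        notes.append("no count keyword, so matches on this rule are not counted")
    return notes

if __name__ == "__main__":
    # Constructed sample rules; the first is the example from this page.
    for text in ("switch(conf-macl-ext)#permit 0022.3333.4444 0022.3333.5555 ipv4 count",
                 "permit any any 2048"):
        rule = parse_permit(text)
        print(rule, audit(rule))
```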