Technical data
Table Of Contents
- Contents
- About This Document
- CLI Basics
- In this chapter
- Management tools
- CEE command line interface
- Saving your configuration changes
- CEE CLI RBAC permissions
- Accessing the CEE CLI through the console or Telnet
- Accessing the CEE CLI from the Fabric OS shell
- CEE CLI command modes
- CEE CLI keyboard shortcuts
- Using the do command as a shortcut
- Displaying CEE CLI commands and command syntax
- CEE CLI command completion
- CEE CLI command output modifiers
- CEE Commands
- advertise dcbx-fcoe-app-tlv
- advertise dcbx-fcoe-logical-link-tlv
- advertise dcbx-iscsi-app-tlv
- advertise dcbx-tlv
- advertise dot1-tlv
- advertise dot3-tlv
- advertise optional-tlv
- bridge-priority
- cee
- cee-map
- channel-group
- cisco-interoperability
- clear counters
- clear counters access-list mac
- clear dot1x statistics
- clear dot1x statistics interface
- clear ip igmp group
- clear ip igmp groups
- clear lacp
- clear lacp counters
- clear lldp neighbors
- clear lldp statistics
- clear mac-address-table dynamic
- clear spanning-tree counter
- copy
- debug dot1x packet
- debug ip igmp all
- debug lacp
- debug lldp packet
- debug spanning-tree
- delete
- deny (extended ACLs)
- deny (standard ACLs)
- description (interface)
- description (LLDP)
- dir
- disable
- do
- dot1x authentication
- dot1x enable
- dot1x port-control
- dot1x protocol-version
- dot1x quiet-period
- dot1x reauthenticate interface
- dot1x reauthentication
- dot1x reauthMax
- dot1x timeout re-authperiod
- dot1x timeout server-timeout
- dot1x timeout supp-timeout
- dot1x timeout tx-period
- enable
- end
- erase flash
- error-disable-timeout enable
- error-disable-timeout interval
- exec-timeout
- exit
- fcoe-map
- fcoeport
- fcoe-priority-bits
- fcoe-vlan
- forward-delay
- fos
- hello
- hello-time
- instance
- interface
- interface vlan
- ip igmp last-member-query-interval
- ip igmp query-interval
- ip igmp query-max-response-time
- ip igmp snooping enable (global version)
- ip igmp snooping enable (VLAN version)
- ip igmp snooping fast-leave
- ip igmp snooping mrouter
- ip igmp snooping mrouter-timeout
- ip igmp snooping querier
- ip igmp static-group
- iscsi-priority-bits
- lacp system-priority
- lacp timeout
- line console
- line vty
- lldp dcbx-version
- lldp disable
- lldp fcoe-priority-bits
- lldp iscsi-priority-bits
- lldp profile
- logout
- mac access-group
- mac access-list extended
- mac access-list standard
- mac-address-table
- max-age
- max-hops
- mode
- mtu
- multiplier
- permit (extended ACLs)
- permit (standard ACLs)
- port-channel path-cost
- priority-group-table
- priority-table
- profile
- protocol lldp
- protocol spanning-tree
- pwd
- qos cos
- qos cos-mutation
- qos cos-traffic-class
- qos map cos-mutation
- qos map cos-traffic-class
- qos queue multicast scheduler
- qos queue scheduler
- qos rcv-queue multicast rate-limit
- qos rcv-queue multicast threshold
- qos trust cos
- quit
- region
- rename
- resequence access-list mac
- revision
- rmon alarm
- rmon collection
- rmon event
- seq (extended MAC ACLs)
- seq (standard MAC ACLs)
- show accounting
- show calendar
- show cee maps
- show clock
- show debug ip igmp
- show debug lacp
- show debug lldp
- show debug spanning-tree
- show dot1x
- show dot1x all
- show dot1x diagnostics interface
- show dot1x interface
- show dot1x session-info interface
- show dot1x statistics interface
- show environment
- show file
- show history
- show interface
- show ip igmp groups
- show ip igmp interface
- show ip igmp mrouter
- show ip igmp snooping
- show ip interface
- show lacp counter
- show lacp sys-id
- show line
- show lldp
- show lldp interface
- show lldp neighbors
- show lldp statistics
- show logging
- show mac access-group
- show mac-address-table
- show media
- show media interface
- show media linecard
- show port-channel
- show power supply
- show privilege
- show processes cpu
- show processes memory
- show qos flowcontrol interface
- show qos interface
- show qos maps
- show qos queue interface
- show qos rcv-queue interface
- show qos rcv-queue multicast
- show rmon
- show running-config
- show running-config access-list mac
- show running-config cee-map
- show running-config dot1x
- show running-configuration igmp
- show running-config interface port-channel
- show running-config interface tengigabitethernet
- show running-config interface vlan
- show running-config linecard
- show running-config rmon
- show spanning-tree
- show spanning-tree brief
- show spanning-tree interface
- show spanning-tree mst brief
- show spanning-tree mst detail
- show spanning-tree mst instance
- show spanning-tree mst-config
- show spanning-tree mst interface
- show startup-config
- show statistics access-list interface
- show statistics access-list mac
- show system
- show tech-support
- show users
- show version
- show vlan
- show vlan classifier
- shutdown (interface)
- shutdown (Spanning Tree Protocol)
- spanning-tree autoedge
- spanning-tree cost
- spanning-tree edgeport
- spanning-tree guard root
- spanning-tree hello-time
- spanning-tree instance
- spanning-tree link-type
- spanning-tree portfast
- spanning-tree priority
- spanning-tree restricted-role
- spanning-tree restricted-tcn
- spanning-tree shutdown
- spanning-tree tc-flush-standard
- switchport
- switchport access
- switchport converged
- switchport mode
- switchport trunk
- system-description
- system-name
- terminal length
- terminal monitor
- transmit-holdcount
- undebug
- vlan classifier activate group
- vlan classifier group
- vlan classifier rule
- write erase
- write memory
44 Converged Enhanced Ethernet Command Reference
53-1002508-01
deny (standard ACLs)
2
deny (standard ACLs)
Configures a MAC address rule to drop traffic based on the source MAC address.
Synopsis deny {MAC_ACL | any} [count]
no deny {MAC_ACL | any}
Operands MAC_ACL Specifies the source host MAC address for which to set deny conditions. Use
the format HHHH.HHHH.HHHH.
any Specifies any source MAC address.
count Enables counting of the packets matching the rule.
Defaults By default, no MAC ACLs are configured.
Command
Modes
Feature Access Control List configuration mode
Description Use this command to configure rules to match and to drop traffic based on the source MAC
address. You can also enable counters for a specific rule. There are 255 ACL counters supported
per port group. Use the no deny command to remove a rule from the MAC ACL.
Usage
Guidelines
None
Examples To create a rule in a standard MAC ACL to drop traffic from the source MAC address
0022.3333.4444 and to enable the counting of packets:
switch(conf-macl-std)#deny 0022.3333.4444 count
To delete a rule from a standard MAC ACL:
switch(conf-macl-std)#no deny 0022.3333.4444
See Also mac access-list standard, permit (standard ACLs)