Manualshelf

Reference Guide (Supporting software release 5.5.0.0 and later) Owner manual

ManualsBrandsBrocade ManualsComputer AccessoriesMobility RFS Controller CLI
1121112211231124112511261127112811291130
1122 Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
19
A MAC firewall rule uses source and destination MAC addresses for matching operations, where the
result is a typical allow, deny or mark designation to packet traffic.
Supported in the following platforms:
Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point
Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000
Service Platforms — Brocade Mobility RFS9510
Syntax:
use [ip-access-list|mac-access-list]
use ip-access-list [in|out] <IP-ACCESS-LIST-NAME> precedence <1-100>
use mac-access-list [in|out] <MAC-ACCESS-LIST-NAME> precedence <1-100>
Parameters
use ip-access-list [in|out] <IP-ACCESS-LIST-NAME> precedence <1-100>
use mac-access-list [in|out] <MAC-ACCESS-LIST-NAME> precedence <1-100>
Example
rfs7000-37FABE(config-role-policy-test-user-role-testing)#use ip-access-list
in
test precedence 9
rfs7000-37FABE(config-role-policy-test-user-role-testing)#show context
user-role testing precedence 10
ssid not-contains DevUser
captive-portal authentication-state pre-login
city exact SanJose
company exact MotorolaSolutions
country exact America
department exact TnV
emailid exact testing@motorolasolutions.com
ip-access-list [in|out] Uses an IP access list with this user role
in – Applies the rule to incoming packets
out – Applies the rule to outgoing packets
<IP-ACCESS-LIST-NAME> Specify the IP access list name.
precedence <1-100> After specifying the name of the access list, specify the precedence applied to it. Based on the packets
received, a lower precedence value is evaluated first.
<1-100> – Sets a precedence from 1 - 100
mac-access-list [in|out] Uses a MAC access list with this user role
in – Applies the rule to incoming packets
out – Applies the rule to outgoing packets
<MAC-ACCESS-LIST-NAME> Specify the MAC access list name.
precedence <1-100> After specifying the name of the access list, specify the precedence applied to it. Based on the packets
received, a lower precedence value is evaluated first
<1-100> – Sets a precedence from 1 - 100