Reference Guide (Supporting software release 5.5.0.0 and later) Owner manual

Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
insert [deny|permit] <PARAMETERS> (dot1p <0-7>,type [8021q|<1-65535>|aarp|appletalk|arp|ip|ipv6|ipx|mint|rarp|wisp],vlan <1-4095>,log,rule-precedence <1-5000>) {(rule-description <LINE>)}
Parameters
insert [deny|permit] <PARAMETERS> (log,mark [8021p <0-7>|dscp <0-63>],rule-precedence <1-5000>) {(rule-description <LINE>)}
Example
rfs4000-229D58(config-mac-acl-test1)#deny 11-22-33-44-55-66 11-22-33-44-55-77 any rule-precedence 1
rfs4000-229D58(config-mac-acl-test1)#deny host B4-C7-99-6D-CD-9B any rule-precedence 2
rfs4000-229D58(config-mac-acl-test1)#show context
mac access-list test1
deny 11-22-33-44-55-66 11-22-33-44-55-77 any rule-precedence 1
insert [deny|permit]
    Inserts a deny or permit rule within a MAC ACL
<PARAMETERS>
    Provide the match criteria for this deny/permit rule. Packets will be filtered based on the criteria set here.
    For more information on the deny rule, see deny.
    For more information on the permit rule, see permit.
dot1p <0-7>
    Configures the 802.1p priority value. Sets the service classes for traffic handling
    <0-7> – Specify 802.1p priority from 0 - 7.
type [8021q|<1-65535>|aarp|appletalk|arp|ip|ipv6|ipx|mint|rarp|wisp]
    Configures the EtherType value
    An EtherType is a two-octet field in an Ethernet frame that indicates the protocol encapsulated in the payload of the frame. The EtherType values are:
    8021q – Indicates an 802.1q payload (0x8100)
    <1-65535> – Indicates the EtherType protocol number
    aarp – Indicates the Appletalk ARP payload (0x80F3)
    appletalk – Indicates the Appletalk Protocol payload (0x809B)
    arp – Indicates the ARP payload (0x0806)
    ip – Indicates the IPv4 payload (0x0800)
    ipv6 – Indicates the IPv6 payload (0x86DD)
    ipx – Indicates Novell's IPX payload (0x8137)
    mint – Indicates the MiNT protocol payload (0x8783)
    rarp – Indicates the reverse ARP payload (0x8035)
    wisp – Indicates the WISP payload (0x8783)
vlan <1-4095>
    Configures the VLAN where the traffic is received
    <1-4095> – Specify the VLAN ID from 1 - 4095.
log
    Logs all deny/permit events matching this entry. If a source and/or destination MAC address is matched (i.e. a packet is received from a specified MAC address or is destined for a specified MAC address), an event is logged.
rule-precedence <1-5000>
rule-description <LINE>
    The following keywords are recursive and common to all of the above parameters:
    rule-precedence – Assigns a precedence for this deny rule
    <1-5000> – Specify a value from 1 - 5000.
    The lower the precedence value, the higher the priority. A rule with precedence 3 gets priority over a rule with precedence 10.
    rule-description – Optional. Configures a description for this deny rule. Provide a description that uniquely identifies the purpose of this rule (should not exceed 128 characters in length).
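
The value ranges and the precedence ordering in the parameter table above can be checked mechanically before a MAC ACL is applied. The following Python linter is an added example, not Brocade code: it checks rule lines written in the form of the page's example and lists them in precedence order. It assumes each address is `any`, `host <MAC>` or `<MAC> <MASK>` and that keywords follow the two addresses; `lint_rule`, `lint_acl` and the sample rules are constructed for illustration.

```python
import re
# Keywords and ranges from the parameter table above; numeric EtherTypes are 1-65535.
ETHERTYPES = set("8021q aarp appletalk arp ip ipv6 ipx mint rarp wisp".split())
RANGES = {"dot1p": (0, 7), "vlan": (1, 4095), "rule-precedence": (1, 5000), "type": (1, 65535)}
M = r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}"
A = rf"(?:any|host {M}|{M} {M})"  # assumed address forms, taken from the page's example
RULE = re.compile(rf"^(deny|permit) {A} {A}((?: \S+)*)$")

def lint_rule(line):
    """Return (precedence or None, problems) for one deny/permit rule line."""
    body, _, desc = line.strip().partition(" rule-description ")
    m = RULE.match(" ".join(body.split()))
    if not m:
        return None, ["expected: deny|permit <source> <destination> [keywords]"]
    tok, errs, seen = m.group(2).split(), [], {}
    while tok:
        key = tok.pop(0)
        val = seen[key] = tok.pop(0) if key in RANGES and tok else ""
        if key in RANGES and not (key == "type" and val in ETHERTYPES):
            lo, hi = RANGES[key]
            if not (val.isdecimal() and lo <= int(val) <= hi):
                errs.append(f"invalid {key} '{val}' (expected {lo}-{hi})")
        elif key not in RANGES and key != "log":
            errs.append(f"unknown keyword '{key}'")
    errs += [msg for bad, msg in (
        (len(desc) > 128, "rule-description longer than 128 characters"),
        (m.group(1) == "deny" and "log" not in seen, "deny rule without log"),
        ("rule-precedence" not in seen, "missing rule-precedence")) if bad]
    prec = seen.get("rule-precedence", "")
    return (int(prec) if prec.isdecimal() and 1 <= int(prec) <= 5000 else None), errs

def lint_acl(lines):
    """Return (rules sorted by precedence, lowest first, {rule: problems})."""
    by_prec, findings = {}, {}
    for line in lines:
        prec, errs = lint_rule(line)
        if prec in by_prec:
            errs.append(f"precedence {prec} already used")
        elif prec is not None:
            by_prec[prec] = line
        findings[line] = errs
    return [by_prec[p] for p in sorted(by_prec)], {k: v for k, v in findings.items() if v}

SAMPLE = [  # constructed input; the first two lines are the page's example rules
    "deny host B4-C7-99-6D-CD-9B any rule-precedence 2",
    "deny 11-22-33-44-55-66 11-22-33-44-55-77 any rule-precedence 1",
    "permit any any type ip vlan 4096 log rule-precedence 10 rule-description uplink",
    "deny any any type arp dot1p 3 log rule-precedence 2"]

print(*lint_acl(SAMPLE), sep="\n")
```

The "deny rule without log" finding is an audit preference rather than a syntax error: the page's own example rules omit `log`, so matches against them produce no event.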