CLI Reference Guide
ACL Commands 267
then the ACL rule is applied when the time-range with a specified name
becomes active. The ACL rule is removed when the time-range with a
specified name becomes inactive.
Syntax
{deny | permit} {{any |
srcmac srcmacmask
} {any | bpdu |
dstmac
dstmacmask}} [
ethertypekey
|
0x0600-0xFFFF
] vlan {eq
0-4095
}] [cos
0-7
]
[[log] [time-range
time-range-name
] [assign-queue
queue-id
] [{mirror |
redirect}
interface-id
]
•
srcmac
—Valid source MAC address in format xxxx.xxxx.xxxx.
•
srcmacmask
—Valid MAC address bitmask for the source MAC address in
format xxxx.xxxx.xxxx.
•
any
—Packets sent to or received from any MAC address.
•
dstmac
—Valid destination MAC address in format xxxx.xxxx.xxxx.
•
destmacmask
—Valid MAC address bitmask for the destination MAC
address in format xxxx.xxxx.xxxx.
•
bpdu
—Bridge protocol data unit
•
ethertypekey
—Either a keyword or valid four-digit hexadecimal number.
(Range: Supported values are appletalk, arp, ibmsna, ipv4, ipv6, ipx,
mplsmcast, mplsucast, Netbios, novell, pppoe, rarp.)
•
0x0600-0xFFFF
—Specify custom ethertype value (hexadecimal range
0x0600-0xFFFF).
•
vlan eq
—VLAN number. (Range 0-4095)
•
cos
—
Class of service. (Range 0-7)
•
log
—
Specifies that this rule is to be logged.
•
time-range-name
—Use the
time-range
parameter to impose a time
limitation on the MAC ACL rule as defined by the parameter.
•
assign-queue
—
Specifies particular hardware queue for handling traffic that
matches the rule.
•
queue-id
—
0-6, where n is number of user configurable queues available for that
hardware platform.
•
mirror
—
Copies the traffic matching this rule to the specified interface.
•
redirect
—
Forwards traffic matching this rule to the specified physical interface.
2CSNXXX_SWUM200.book Page 267 Tuesday, December 10, 2013 1:22 PM