CLI Guide

For a VLAN interface enter the keyword VLAN and then the vlan id
in | out Identify whether ACL is applied on ingress or egress side.
Command Modes
EXEC
EXEC Privilege
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information The ACL hit counters in this command increment the counters for each matching rule, not just the rst matching
rule.
Example
Dell#show mac accounting access-list TestMac interface tengigabitethernet 0/1
in
Ingress Standard mac access-list TestMac on TenGigabitEthernet 0/1
Total cam count 2
seq 5 permit aa:aa:aa:aa:00:00 00:00:00:00:ff:ff count (0 packets)
seq 10 deny any count (20072594 packets)
Dell#
Standard MAC ACL Commands
When you create an access control list without any rule and then apply it to an interface, the ACL behavior reects implicit permit. These
commands congure standard MAC ACLs.
The switch supports both Ingress and Egress MAC ACLs.
NOTE
: For more information, also refer to the Commands Common to all ACL Types and Common MAC Access List Commands
sections.
deny
To drop packets that match the lter criteria, congure a lter.
Syntax
deny {any | host mac-address | mac-source-address mac-source-address-mask} {any
| host mac-address | mac-destination-address mac-destination-address-mask}
[ethertype-operator] [count [byte]]
To remove this lter, you have two choices:
Use the no seq sequence-number command if you know the lter’s sequence number.
Use the no deny {any | host mac-address | mac-source-address mac-source-
address-mask} {any | host mac-address | mac-destination-address mac-
destination-address-mask} command.
Parameters
any Enter the keyword any to drop all packets.
Access Control Lists (ACL) 181