CLI Guide
this capability, traffic with particular flows that are traversing through the ingress
and egress interfaces are examined and, appropriate ACLs can be applied in both
the ingress and egress direction. Flow-based monitoring conserves bandwidth by
monitoring only specified traffic instead all traffic on the interface. This feature is
particularly useful when looking for malicious traffic. It is available for Layer 2 and
Layer 3 ingress and egress traffic. You may specify traffic using standard or
extended access-lists. This mechanism copies all incoming or outgoing packets on
one port and forwards (mirrors) them to another port. The source port is the
monitored port (MD) and the destination port is the monitoring port (MG).
Related
Commands
deny — configures a filter to drop packets.
permit — configures a filter to forward packets.
Extended MAC ACL Commands
When an access-list is created without any rule and then applied to an interface, ACL behavior reflects
implicit permit. The following commands configure Extended MAC ACLs.
The Switch supports both Ingress and Egress MAC ACLs.
mac access-list standard
To configure a standard MAC ACL, name a new or existing MAC access control list (MAC ACL) and enter
MAC ACCESS LIST mode.
Syntax
mac access-list standard mac-list-name
Parameters
mac-list-name Enter a text string as the name of the standard MAC access
list (140 character maximum).
Defaults Not configured.
Command Modes CONFIGURATION
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information
The Dell operating system supports one ingress and one egress MAC ACL per
interface.
216
Access Control Lists (ACL)