CLI Guide
The number of entries allowed per ACL is hardware-dependent. For detailed
specification about entries allowed per ACL, refer to your switch documentation.
The switch supports both ingress and egress ACLs.
Example
Dell(conf)#mac-access-list access-list standard TestMAC
Dell(config-std-macl)#permit 00:00:00:00:00:00
00:00:00:00:ff:ff count
Dell(config-std-macl)#deny any count
permit
To pass packets matching the criteria specified, configure a filter.
Syntax
permit {any | host mac-address | mac-source-address mac-source-
address-mask} {any | host mac-address | mac-destination-address
mac-destination-address-mask} [ethertype operator] [count
[byte]]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s
sequence number.
• Use the no permit {any | host mac-address | mac-source-address
mac-source-address-mask} {any | mac-destination-address mac-
destination-address-mask} command.
Parameters
any Enter the keyword any to forward all packets.
host Enter the keyword host then a MAC address to forward
packets with that host address.
mac-source-
address
Enter a MAC address in nn:nn:nn:nn:nn:nn format.
mac-source-
address-mask
(OPTIONAL) Specify which bits in the MAC address must
match.
The MAC ACL supports an inverse mask; therefore, a mask
of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask
of 00:00:00:00:00:00 only allows entries that match
exactly.
mac-destination-
address
Enter the destination MAC address and mask in
nn:nn:nn:nn:nn:nn format.
mac-destination-
address-mask
Specify which bits in the MAC address must be matched.
The MAC ACL supports an inverse mask; therefore, a mask
of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask
Access Control Lists (ACL)
217