Concept Guide
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information The ACL hit counters in this command increment the counters for each matching rule, not just the rst matching
rule.
Example
Dell#show mac accounting access-list TestMac interface tengigabitethernet 0/1
in
Ingress Standard mac access-list TestMac on TenGigabitEthernet 0/1
Total cam count 2
seq 5 permit aa:aa:aa:aa:00:00 00:00:00:00:ff:ff count (0 packets)
seq 10 deny any count (20072594 packets)
Dell#
Standard MAC ACL Commands
When you create an access control list without any rule and then apply it to an interface, the ACL behavior reects implicit permit. These
commands congure standard MAC ACLs.
The switch supports both Ingress and Egress MAC ACLs.
NOTE
: For more information, also refer to the Commands Common to all ACL Types and Common MAC Access List Commands
sections.
deny
To drop packets that match the lter criteria, congure a lter.
Syntax
deny {any | host mac-address | mac-source-address mac-source-address-mask} {any
| host mac-address | mac-destination-address mac-destination-address-mask}
[ethertype-operator] [count [byte]]
To remove this lter, you have two choices:
• Use the no seq sequence-number command if you know the lter’s sequence number.
•
Use the no deny {any | host mac-address | mac-source-address mac-source-
address-mask} {any | host mac-address | mac-destination-address mac-
destination-address-mask} command.
Parameters
any Enter the keyword any to drop all packets.
host mac-address Enter the keyword host and then enter a MAC address to drop packets with that host
address.
mac-source-
address
Enter a MAC address in nn:nn:nn:nn:nn:nn format.
mac-source-
address-mask
Specify which bits in the MAC address must match.
Access Control Lists (ACL) 185