Quick Reference Guide

www.dell.com | support.dell.com
MAC Access Control List (ACL) Commands
The commands in this section are:
{deny|permit}
mac access-list extended
mac access-list extended rename
mac access-group
show mac access-lists
{deny|permit}
This command creates a new rule for the selected MAC access list. Each rule is appended to the list of
configured rules for the list. Note that an implicit “deny all” MAC rule always terminates the access
list.
Syntax
{deny|permit} {srcmac | any} {dstmac | any} [assign-queue queue-id_0-6] [cos 0-7] [ethertypekey] [0x0600-0xFFFF] [redirect unit/slot/port] [vlan {eq 0-4095}]
Parameters
deny | permit
A rule may either deny or permit traffic according to the specified classification fields. At a minimum, the source (srcmac | any) and destination (dstmac | any) MAC value and mask pairs must be specified, each of which may be substituted using the keyword any to indicate a match on any value in that field. The BPDU keyword may be specified for the destination MAC value/mask pair indicating a well-known BPDU MAC value of 01-80-c2-xx-xx-xx (hex), where 'xx' indicates a don't care. The remaining command parameters are all optional.
assign-queue (Optional) The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed queue-id value is 0-(n-1), where n is the number of user configurable queues available for the hardware platform.
ethertypekey (Optional) The Ethertype (ethertypekey) may be specified as either a keyword or a four-digit hexadecimal value from 0x0600 to 0xFFFF. The currently supported ethertypekey keyword values are: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. Each of these translates into its equivalent Ethertype value(s).
redirect (Optional) The redirect parameter redirects traffic matching this rule to the specified egress port. The redirected packet carries the same MAC address as it would have if it had not been redirected (the MAC address of the next hop defined in the routing table). Basically, it looks like a mirrored packet on the redirect port.
The assign-queue and redirect parameters are only valid for a permit rule.
Note: The special command form {deny|permit} any any is used to match all Ethernet
Layer 2 packets, and is the equivalent of the IP access list “match every” rule.
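The following Python model is an added example, not Dell code or switch CLI. It shows how the implicit "deny all" interacts with appended rules: a list that permits only ipv4 also drops ARP and BPDU frames. It assumes rules are evaluated in order with the first match winning, and that a set mask bit means "must match"; neither is stated on this page, and the rule tuples, frame dictionaries and MAC addresses are constructed for illustration.

```python
# Added illustration, not Dell firmware code. Assumes first-match evaluation and
# a "care" mask (set bits must match); check both against your platform's manual.
ETHERTYPE = {"ipv4": 0x0800, "arp": 0x0806, "rarp": 0x8035, "ipv6": 0x86DD}  # keyword subset
ANY = "any"
BPDU = ("01:80:c2:00:00:00", "ff:ff:ff:00:00:00")  # 01-80-c2-xx-xx-xx

def mac_to_int(text):
    return int(text.replace(":", "").replace("-", ""), 16)

def field_matches(spec, value):
    """spec is ANY or a (mac, mask) pair."""
    if spec == ANY:
        return True
    want, mask = (mac_to_int(part) for part in spec)
    return (mac_to_int(value) & mask) == (want & mask)

def rule_matches(rule, frame):
    _action, src, dst, opts = rule
    if not (field_matches(src, frame["src"]) and field_matches(dst, frame["dst"])):
        return False
    ethertype = opts.get("ethertype")  # keyword or numeric value
    if ethertype is not None and frame["ethertype"] != ETHERTYPE.get(ethertype, ethertype):
        return False
    return "vlan" not in opts or frame.get("vlan") == opts["vlan"]

def evaluate(acl, frame):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, frame):
            return rule[0], number
    return "deny", None  # implicit "deny all" that terminates every list

# Constructed sample lists and frames.
IPV4_ONLY = [("permit", ANY, ANY, {"ethertype": "ipv4"})]
BLOCK_ONE_HOST = [
    ("deny", ("00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"), ANY, {}),
    ("permit", ANY, BPDU, {}),
    ("permit", ANY, ANY, {}),  # explicit catch-all ahead of the implicit deny
]
ARP = {"src": "00:aa:bb:cc:dd:01", "dst": "ff:ff:ff:ff:ff:ff", "ethertype": 0x0806}
IPV4 = dict(ARP, dst="00:aa:bb:cc:dd:02", ethertype=0x0800)
STP = {"src": "00:aa:bb:cc:dd:01", "dst": "01:80:c2:00:00:00", "ethertype": 0x0026}  # 802.3 length

if __name__ == "__main__":
    for name, acl in (("IPV4_ONLY", IPV4_ONLY), ("BLOCK_ONE_HOST", BLOCK_ONE_HOST)):
        for label, frame in (("arp", ARP), ("ipv4", IPV4), ("bpdu", STP)):
            print(name, label, evaluate(acl, frame))
```

Running a planned list through a model like this before binding it to a port shows which frames would reach the implicit deny.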