ECS4100 Series CLI Reference Guide-R07

Chapter 10 | Access Control Lists
MAC ACLs
prefix-length - Length of IPv6 prefix. A decimal value indicating how many
contiguous bits (from the left) of the address comprise the prefix; i.e., the
network portion of the address. (Range: 0-128)
cos – Class-of-Service value (Range: 0-7)
cos-bitmask⁶ – Class-of-Service bitmask. (Range: 0-7)
ip precedence – IP Precedence value (Range: 0-7)
vid – VLAN ID. (Range: 1-4094)
vid-bitmask⁶ – VLAN bitmask. (Range: 1-4095)
ethertype – A specific Ethernet protocol number. (Range: 0-ffff hex)
ethertype-bitmask⁶ – Protocol bitmask. (Range: 0-ffff hex)
protocol - IP protocol or IPv6 next header. (Range: 0-255)
For information on next headers, see permit, deny (Extended IPv6 ACL).
sport⁷ – Protocol source port number. (Range: 0-65535)
dport⁷ – Protocol destination port number. (Range: 0-65535)
port-bitmask – Decimal number representing the port bits to match.
(Range: 0-65535)
time-range-name - Name of the time range. (Range: 1-32 characters)
Default Setting
None
Command Mode
MAC ACL
Command Usage
New rules are added to the end of the list.
The ethertype option can only be used to filter Ethernet II formatted packets.
A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of
the more common types include the following:
0800 - IP
0806 - ARP
8137 - IPX
If an Extended IPv4 rule and MAC rule match the same packet, and these rules
specify a “permit” entry and “deny” entry, the “deny” action takes precedence.
6. For all bitmasks, “1” means relevant and “0” means ignore.
7. Includes TCP, UDP or other protocol types.
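
The bitmask semantics of footnote 6 and the deny-precedence rule under Command Usage, as an added Python model (not code from this guide or from the switch firmware). It assumes rules in a list are checked in order with the first match deciding, which this page does not state; `Rule`, `covered`, `verdict` and the sample rules and packets are constructed for illustration.

```python
"""Added model of ACL bitmask matching; not the switch's implementation."""
from dataclasses import dataclass, field

def masked_match(value: int, rule_value: int, bitmask: int) -> bool:
    # Footnote 6: a "1" bit in the mask is compared, a "0" bit is ignored.
    return (value & bitmask) == (rule_value & bitmask)

def covered(rule_value: int, bitmask: int, width: int = 16) -> list:
    # Audit helper: every value a (value, bitmask) pair actually matches.
    return [v for v in range(1 << width) if masked_match(v, rule_value, bitmask)]

@dataclass
class Rule:
    action: str                                 # "permit" or "deny"
    fields: dict = field(default_factory=dict)  # name -> (value, bitmask)

    def matches(self, pkt: dict) -> bool:
        # A rule field the packet does not carry (e.g. dport on ARP) is no match.
        return all(name in pkt and masked_match(pkt[name], value, mask)
                   for name, (value, mask) in self.fields.items())

def first_match(acl: list, pkt: dict):
    # Assumption: rules are checked in list order and the first match decides.
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return None

def verdict(mac_acl: list, ipv4_acl: list, pkt: dict):
    # Page rule: if both ACLs match and disagree, "deny" takes precedence.
    actions = {first_match(mac_acl, pkt), first_match(ipv4_acl, pkt)} - {None}
    if "deny" in actions:
        return "deny"
    return "permit" if actions else None  # None: no rule matched (not modelled)

# Constructed sample rules and packets.
MAC_ACL = [Rule("permit", {"ethertype": (0x0800, 0xFFF0)})]  # loose mask
IPV4_ACL = [Rule("deny", {"dport": (80, 65534)})]            # decimal port-bitmask
HTTP_ALT = {"ethertype": 0x0800, "vid": 10, "dport": 81}
ARP = {"ethertype": 0x0806, "vid": 10}

if __name__ == "__main__":
    print([hex(v) for v in covered(0x0800, 0xFFF0)])  # includes 0x806 (ARP)
    print(covered(80, 65534))
    print(verdict(MAC_ACL, IPV4_ACL, HTTP_ALT), verdict(MAC_ACL, IPV4_ACL, ARP))
```

An ethertype mask narrower than ffff on 0800 also admits 0806 (ARP); listing the covered values before applying a rule makes that visible.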