Reference v4.1.0 Instruction Manual
Network OS Command Reference 211
53-1003115-01
deny (standard ACLs)
2
deny (standard ACLs)
Configures a MAC address rule to drop traffic based on the source MAC address.
Synopsis deny {MAC_ADDRESS/mask | any} [count]
no deny {MAC_ADDRESS/mask | any}
Operands MAC_ADDRESS Specifies the source host MAC address for which to set deny conditions.
The correct format is: HHHH.HHHH.HHHH.
mask Specifies the mask for the associated host MAC address.
any Specifies any source MAC address.
count Enables counting of the packets matching the rule.
Defaults No MAC ACLs are subjected to traffic dropping.
Command Modes Feature Access Control List configuration mode
Description Use this command to configure rules to match and to drop traffic based on the source MAC
address. You can also enable counters for a specific rule. 255 ACL counters are supported per
port group.
Usage Guidelines The first set of [any | host MAC_ADDRESS | MAC_ADDRESS] parameters is specific to the source
MAC address. The second set of [any | host MAC_ADDRESS | MAC_ADDRESS] parameters is
specific to the destination MAC address.
• The order of the rules in an ACL is critical. The first rule that matches the traffic stops further
processing of the frames. Rules containing specific information should be listed first, followed
by rules that contain more general information.
• Enter no deny any to deny any rule that was added earlier.
• Enter no deny any to deny any rule that was added earlier.
• Enter no deny followed by a specific address to remove traffic dropping for a from the
specified MAC address.
Examples To create a rule in a MAC standard ACL to drop traffic from the source MAC address
0022.3333.4444 and to enable the counting of packets:
switch(conf-macl-std)# deny 0022.3333.4444/255.255.0.0 count
To delete a rule from a MAC standard ACL:
switch(conf-macl-std)# no deny 0022.3333.4444/255.255.0.0
See Also mac access-list extended, mac access-list standard, permit (extended ACLs),
permit (standard ACLs)