CLI Reference Guide
338 | ip access-list eth Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
ip access-list eth
ip
ip access-list eth {<number>|<name>}
deny {<ethtype> [<bits>]|any} [mirror] [position}
no ...
permit {<ethtype> [<bits>]|any} [mirror][position]
Description
This command configures an Ethertype access control list (ACL).
Syntax
Parameter Description Range
eth
Enter a name, or a number in the specified range. 200-299
deny
Reject the specified packets, which can be one of the following:
l Ethertype in decimal or hexadecimal (0-65535) and optional wildcard (0-65535)
l any: match any Ethertype
Optionally, you can configure the mirror parameter, which mirrors packets to a
datapath or remote destination, or set the position of the ACL. The default position is
last, a position of 1 puts the ACL at the top of the list.
—
no
Negates any configured parameter. —
permit
Allow the specified packets, which can be one of the following:
l Ethertype in decimal or hexadecimal (0-65535) and optional wildcard (0-65535)
l any: match any Ethertype
Optionally, you can configure the mirror parameter, which mirrors packets to a
datapath or remote destination, or set the position of the ACL. The default position is
last, a position of 1 puts the ACL at the top of the list.
—
Usage Guidelines
The Ethertype field in an Ethernet frame indicates the protocol being transported in the frame. This type of ACL
filters on the Ethertype field in the Ethernet frame header, and is useful when filtering non-IP traffic on a physical
port. This ACL can be used to permit IP frames while blocking other non-IP protocols such as IPX or Appletalk.
If you configure the mirror option, define the destination to which mirrored packets are sent in the firewall policy.
For more information, see "firewall" on page 263.
Example
The following command configures an Ethertype ACL:
(host) (config) #ip access-list eth 200
deny 809b
Command History
Release Modification
ArubaOS 3.0 Command introduced
ArubaOS 3.3 The mirror parameter was introduced.