Administrator Guide
Access Control Lists 671
[
sequence-number
]
{deny | permit} {
srcmac
srcmacmask
| any}
{
dstmac dstmacmask
|
any | bpdu}
[{
ethertypekey
|
0x0600-
0xFFFF}
[vlan eq
0-
4093
] [cos
0-7
]
[secondary-vlan eq
0-
4093
] [secondary-cos
0-
7
] [log] [time-range
time-range-name
]
[assign-queue
queue-id
]
[{mirror |redirect}
interface
]
Specify the rules (match conditions) for the MAC access
list.
•
sequence-number
— Identifies the order of application
of the permit/deny statement. If no sequence number is
assigned, permit/deny statements are assigned a sequence
number beginning at 1000 and incrementing by 10.
Statements are applied in hardware beginning with the
lowest sequence number. Sequence numbers are
applicable only within an access group; i.e., the ordering
applies within the access-group scope. The range for
sequence numbers is 1–2147483647.
•
srcmac
— Valid source MAC address in format
xxxx.xxxx.xxxx.
•
srcmacmask
— Valid MAC address bitmask for the source
MAC address in format xxxx.xxxx.xxxx.
•
any
— Packets sent to or received from any MAC address
•
dstmac
— Valid destination MAC address in format
xxxx.xxxx.xxxx.
•
destmacmask
— Valid MAC address bitmask for the
destination MAC address in format xxxx.xxxx.xxxx.
•
bpdu
— Bridge protocol data unit
•
ethertypekey
— Either a keyword or valid four-digit
hexadecimal number. (Range: Supported values are
appletalk
,
arp
,
ibmsna
,
ipv4
,
ipv6
,
ipx
,
mplsmcast
,
mplsucast
,
Netbios
,
novell
,
pppoe
,
rarp
.)
•
0x0600-0xFFFF
— Specify custom EtherType value
(hexadecimal range 0x0600-0xFFFF)
•
vlan eq
— VLAN number. (Range 0–4093)
•
cos
— Class of service. (Range 0–7)
•
secondary-vlan
— An outer VLAN tag, if present in the
frame
•
secondary-cos
— The CoS value contained in the outer
VLAN tag, if present in the frame.
Command Purpose