CLI Guide
Layer 2 Switching Commands 283
then the ACL rule is applied when the time-range with a specified name
becomes active. The ACL rule is removed when the time-range with a
specified name becomes inactive.
Use the no form of the command to delete an existing permit/deny clause.
Syntax
[sequence-number] deny | permit (MAC access-list configuration)
[sequence-number] {deny | permit} {{any | srcmac srcmacmask} {any |
bpdu |dstmac dstmacmask}} [ethertypekey | [0x0600-0xFFFF] [vlan {eq 0-
4095}] [secondary-vlan {eq 0-4095}] [cos 0-7] [log] [time-range time-range-
name] [assign-queue queue-id] [{mirror | redirect} interface-id] [rate-limit
rate burst-size]
no sequence-number
• sequence-number—Identifies the order of application of the permit/deny
statement. If no sequence number is assigned, permit/deny statements are
assigned a sequence number beginning at 1000 and incrementing by 10.
Statements are applied in hardware beginning with the lowest sequence
number. Sequence numbers only have applicability within an access group,
i.e. the ordering applies within the access-group scope. The range for
sequence numbers is 1– 2147483647.
•
srcmac
—Valid source MAC address in format xxxx.xxxx.xxxx.
•
srcmacmask
—Valid MAC address bit mask for the source MAC address.
•
any
—Packets sent to or received from any MAC address.
•
dstmac
—Valid destination MAC address.
•
destmacmask
—Valid MAC address bit mask for the destination MAC
address.
•
bpdu
—Bridge protocol data unit
•
ethertypekey
—Either a keyword or valid four-digit hexadecimal number.
(Range: Supported values are appletalk, arp, ibmsna, ipv4, ipv6, ipx,
mplsmcast, mplsucast, Netbios, novell, pppoe, rarp.)
•
0x0600-0xFFFF
—Specify custom EtherType value (hexadecimal range
0x0600-0xFFFF).
•
vlan eq
—VLAN identifier. (Range 0-4095). This matches the outer VLAN
of a single or double-tagged packet. It does not match untagged packets.