Users Guide
706 Access Control Lists
[sequence-number]
{deny | permit} {srcmac
srcmacmask | any}
{dstmac dstmacmask |
any | bpdu}
[{ethertypekey | 0x0600-
0xFFFF} [vlan eq 0-
4095] [cos 0-7]
[secondary-vlan eq 0-
4095] [log] [time-range
time-range-name]
[assign-queue queue-id]
[{mirror |redirect}
interface] [rate-limit
rate burst-size]
Specify the rules (match conditions) for the MAC access
list.
•
sequence-number
— Identifies the order of application
of the permit/deny statement. If no sequence number is
assigned, permit/deny statements are assigned a sequence
number beginning at 1000 and incrementing by 10.
Statements are applied in hardware beginning with the
lowest sequence number. Sequence numbers are
applicable only within an access group; i.e., the ordering
applies within the access-group scope. The range for
sequence numbers is 1–2147483647.
• srcmac — Valid source MAC address.
• srcmacmask — Valid MAC address bitmask for the source
MAC address.
• any — Packets sent to or received from any MAC address
• dstmac — Valid destination MAC address.
• destmacmask — Valid MAC address bitmask for the
destination MAC address.
• bpdu — Bridge protocol data unit
• ethertypekey — Either a keyword or valid four-digit
hexadecimal number. (Range: Supported values are
appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast,
mplsucast, Netbios, novell, pppoe, rarp.)
• 0x0600-0xFFFF — Specify custom EtherType value
(hexadecimal range 0x0600-0xFFFF)
• vlan eq — VLAN number. (Range 0–4095)
• cos — Class of service. (Range 0–7)
• secondary-vlan — An outer VLAN tag, if present in the
frame
Command Purpose