Administrator Guide

Layer 2 Switching Commands 271
In order to provide the greatest amount of flexibility in configuring ACLs, the
permit/deny syntax allows combinations of matching criteria that may not
make sense when applied in practice.
Port ranges are not supported for ACLs configured in egress (out)
access-groups. This means that only the eq operator is supported in an
egress (out) ACL.
The protocol type must be tcp or udp to specify a port range.
The fragment keyword is not supported for ACLs configured in egress (out)
IPv4 access-groups.
The rate-limit command is not supported for ACLs configured in egress (out)
IPv4 access-groups on the N4000 switches. Rate limits are only valid for
permit rules.
The log action is only valid for deny rules.
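The restrictions above can be checked before an ACL is bound to an interface. The following Python lint is an added example, not code from this guide: the Rule fields, the function names and the sample rules are constructed for illustration, and any port operator other than eq is assumed to denote a port range.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    # Hypothetical rule model for this example, not the switch's CLI grammar.
    action: str                     # "permit" or "deny"
    protocol: str                   # "tcp", "udp", "ip", "icmp", ...
    port_op: Optional[str] = None   # "eq"; anything else is treated as a port range
    fragments: bool = False         # rule uses the fragment keyword
    rate_limit: bool = False        # rule carries a rate-limit
    log: bool = False               # rule carries the log action

def lint(rule: Rule, direction: str, platform: str = "") -> List[str]:
    """Return guideline violations for one IPv4 rule bound "in" or "out"."""
    problems = []
    is_range = rule.port_op is not None and rule.port_op != "eq"
    if is_range and rule.protocol not in ("tcp", "udp"):
        problems.append("port range requires protocol tcp or udp")
    if rule.rate_limit and rule.action != "permit":
        problems.append("rate-limit is only valid for permit rules")
    if rule.log and rule.action != "deny":
        problems.append("log is only valid for deny rules")
    if direction == "out":
        if is_range:
            problems.append("egress ACL supports only the eq operator")
        if rule.fragments:
            problems.append("fragment keyword not supported in egress")
        if rule.rate_limit and platform == "N4000":
            problems.append("rate-limit not supported in egress on N4000")
    return problems

def lint_acl(rules, direction, platform=""):
    """Map 1-based rule position to its violations, omitting clean rules."""
    checked = ((i, lint(r, direction, platform)) for i, r in enumerate(rules, 1))
    return {i: found for i, found in checked if found}

# Constructed sample ACL: rule 1 is clean, the rest each break a guideline.
SAMPLE = [
    Rule("permit", "tcp", port_op="eq"),
    Rule("permit", "tcp", port_op="range", log=True),
    Rule("deny", "ip", fragments=True, log=True),
    Rule("permit", "udp", port_op="eq", rate_limit=True),
    Rule("deny", "icmp", port_op="range", rate_limit=True),
]

if __name__ == "__main__":
    for direction in ("in", "out"):
        print(direction, lint_acl(SAMPLE, direction, platform="N4000"))
```

The same ACL yields more findings when bound in the out direction, which is why the intended direction and platform are inputs to the check.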
Any – is equivalent to 0.0.0.0 255.255.255.255 for IPv4 access lists.
Host – indicates specified address with mask equal to 255.255.255.255 and
address 0.0.0.0 for IPv4.
The command accepts the optional time-range parameter. The time-range
parameter allows imposing a time limitation on the IP ACL rule as defined by
the parameter time-range-name. If a time range with the specified name does
not exist, and the IP ACL containing this ACL rule is applied to an interface
or bound to a VLAN, then the ACL rule is applied immediately. If a time
range with the specified name exists, and the IP ACL containing this ACL
Ethertype   Protocol
0x86DD      Internet Protocol version 6 (IPv6)
0x8808      MAC Control
0x8809      Slow Protocols (IEEE 802.3)
0x8870      Jumbo frames
0x888E      EAP over LAN (EAPOL – IEEE 802.1x)
0x88CC      Link Layer Discovery Protocol
0x8906      Fibre Channel over Ethernet
0x8914      FCoE Initialization Protocol
0x9100      Q in Q
2CSNXXX_SWUM204.book Page 271 Monday, January 25, 2016 1:25 PM