Administrator Guide
Layer 2 Switching Commands 273
Use the no form of the command to delete an existing permit/deny clause.
Syntax
[
sequence-number
] deny | permit (MAC access-list configuration)
[
sequence-number
] {deny | permit} {{any |
srcmac srcmacmask
} {any |
bpdu |
dstmac
dstmacmask}} [
ethertypekey
|
0x0600-0xFFFF
] vlan {eq
0-
4095
}] [cos
0-7
] [[log] [time-range
time-range-name
] [assign-queue
queue-
id
] [{mirror | redirect}
interface-id
] [rate-limit
rate burst-size
]
no
sequence-number
•
sequence-number
—Identifies the order of application of the permit/deny
statement. If no sequence number is assigned, permit/deny statements are
assigned a sequence number beginning at 1000 and incrementing by 10.
Statements are applied in hardware beginning with the lowest sequence
number. Sequence numbers only have applicability within an access group,
i.e. the ordering applies within the access-group scope. The range for
sequence numbers is 1– 2147483647.
•
srcmac
—Valid source MAC address in format xxxx.xxxx.xxxx.
•
srcmacmask
—Valid MAC address bitmask for the source MAC address in
format xxxx.xxxx.xxxx.
•
any
—Packets sent to or received from any MAC address.
•
dstmac
—Valid destination MAC address in format xxxx.xxxx.xxxx.
•
destmacmask
—Valid MAC address bitmask for the destination MAC
address in format xxxx.xxxx.xxxx.
•
bpdu
—Bridge protocol data unit
•
ethertypekey
—Either a keyword or valid four-digit hexadecimal number.
(Range: Supported values are appletalk, arp, ibmsna, ipv4, ipv6, ipx,
mplsmcast, mplsucast, Netbios, novell, pppoe, rarp.)
•
0x0600-0xFFFF
—Specify custom ethertype value (hexadecimal range
0x0600-0xFFFF).
•
vlan eq
—VLAN number. (Range 0-4095)
•
cos
—
Class of service. (Range 0-7)
•
log
—
Specifies that this rule is to
be logged if the rule has been matched one
or more times since the expiry of the last logging interval. The logging
interval is 5 minutes
. (See
Time Ranges Commands
for more information.)
2CSNXXX_SWUM204.book Page 273 Monday, January 25, 2016 1:25 PM