Administrator Guide
Version Description
8.3.19.0 Introduced on the S4820T.
8.3.11.1 Introduced on the Z9000.
8.3.7.0 Introduced on the S4810.
8.1.1.0 Introduced on the E-Series.
7.6.1.0 Introduced on the S-Series.
7.5.1.0 Introduced on the C-Series.
7.4.1.0 Added the monitor option.
6.1.1.0 Introduced on the E-Series.
Usage Information
When you use the log option, the CP processor logs details about the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’
details.
NOTE: When you congure the ACL logging and byte counters simultaneously, byte counters may
display an incorrect value. Congure packet counters with logging instead.
Related Commands
• deny — congure a lter to drop packets.
• permit — congure a lter to forward packets.
Extended MAC ACL Commands
When an access-list is created without any rule and then applied to an interface, ACL behavior reects implicit permit. The following
commands congure Extended MAC ACLs.
The platform supports both Ingress and Egress MAC ACLs.
NOTE
: For more information, also refer to the Commands Common to all ACL Types and Common MAC Access List Commands
sections.
deny
To drop packets that match the lter criteria, congure a lter.
Syntax
deny {any | host mac-address | mac-source-address mac-source-address-mask} {any
| host mac-address | mac-destination-address mac-destination-address-mask}
[ethertype-operator] [count [byte]] [log [interval minutes] [threshold-in-msgs
[count]] [monitor]
To remove this lter, you have two choices:
• Use the no seq sequence-number command if you know the lter’s sequence number.
• Use the no deny {any | host mac-address | mac-source-address mac-source-
address-mask} {any | host mac-address | mac-destination-address mac-
destination-address-mask} command.
230 Access Control Lists (ACL)