Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6000 ON

221

222

223

224

225

226

227

228

229

230

deny

To drop packets that match the filter criteria, configure a filter.

Syntax

deny {any | host mac-address | mac-source-address mac-source-address-mask} {any

| host mac-address | mac-destination-address mac-destination-address-mask}

[ethertype-operator] [count [byte]] [log [interval minutes] [threshold-in-msgs

[count]] [monitor]

To remove this filter, you have two choices:

• Use the no seq sequence-number command if you know the filter’s sequence number.

• Use the no deny {any | host mac-address | mac-source-address mac-source-

address-mask} {any | host mac-address | mac-destination-address mac-

destination-address-mask} command.

Parameters

any Enter the keyword any to drop all packets.

host mac-address Enter the keyword host and then enter a MAC address to drop packets with that host

address.

mac-source-

address

Enter a MAC address in nn:nn:nn:nn:nn:nn format.

mac-source-

address-mask

Specify which bits in the MAC address must match.

The MAC ACL supports an inverse mask; therefore, a mask of ff:ff:ff:ff:ff:ff allows

entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that

match exactly.

mac-destination-

address

Enter the destination MAC address and mask in nn:nn:nn:nn:nn:nn format.

mac-destination-

address-mask

Specify which bits in the MAC address must match.

The MAC ACL supports an inverse mask; therefore, a mask of ff:ff:ff:ff:ff:ff allows

entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that

match exactly.

ethertype operator (OPTIONAL) To filter based on protocol type, enter one of the following Ethertypes:

• ev2 - is the Ethernet II frame format

• llc - is the IEEE 802.3 frame format

• snap - is the IEEE 802.3 SNAP frame format

count (OPTIONAL) Enter the keyword count to count packets processed by the filter.

byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.

log (OPTIONAL) Enter the keyword log to include ACL messages in the log.

threshold-in msgs

count

(OPTIONAL) Enter the threshold-in-msgs keyword followed by a value to indicate

the maximum number of ACL logs that can be generated, exceeding which the

generation of ACL logs is terminated with the seq, permit, or deny commands. The

threshold range is from 1 to 100.

226 Access Control Lists (ACL)