Concept Guide
ip access-list eth
ip
ip access-list eth {<number>|<name>}
deny {<ethtype> [<bits>]|any} [mirror] [position}
no ...
permit {<ethtype> [<bits>]|any} [mirror][position]
Description
This command configures an Ethertype access control list (ACL).
Syntax
Parameter Description Range
eth
Enter a name, or a number in the specified range. 200-
299
deny
Reject the specified packets, which can be one of the following:
l Ethertype in decimal or hexadecimal (0-65535) and optional wildcard
(0-65535)
l any: match any Ethertype
Optionally, you can configure the mirror parameter, which mirrors packets
to a datapath or remote destination, or set the position of the ACL. The
default position is last, a position of 1 puts the ACL at the top of the list.
—
no
Negates any configured parameter. —
permit
Allow the specified packets, which can be one of the following:
l Ethertype in decimal or hexadecimal (0-65535) and optional wildcard
(0-65535)
l any: match any Ethertype
Optionally, you can configure the mirror parameter, which mirrors packets
to a datapath or remote destination, or set the position of the ACL. The
default position is last, a position of 1 puts the ACL at the top of the list.
—
Usage Guidelines
The Ethertype field in an Ethernet frame indicates the protocol being transported in the frame. This type of ACL
filters on the Ethertype field in the Ethernet frame header, and is useful when filtering non-IP traffic on a
physical port. This ACL can be used to permit IP frames while blocking other non-IP protocols such as IPX or
Appletalk.
If you configure the mirror option, define the destination to which mirrored packets are sent in the firewall
policy. For more information, see firewall on page 374.
Example
The following command configures an Ethertype ACL:
(host) (config) #ip access-list eth 200
deny 809b
Dell Networking W-Series ArubaOS 6.5.x | Reference Guide ip access-list eth | 485