Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2(1) (OL-16599-01, March 2009)

ManualsBrandsHP ManualsStorageCisco Nexus 5010 with FCoE Storage Services License Converged Network Switch

401

402

403

404

405

406

407

408

409

410

Send comments to nx5000-docfeedback@cisco.com

6-73

Cisco Nexus 5000 Series Command Reference

OL-16599-01

Chapter 6 Security Commands

permit (MAC)

Command History

Usage Guidelines When the switch applies a MAC ACL to a packet, it evaluates the packet with every rule in the ACL. The

switch enforces the first rule whose conditions are satisfied by the packet. When the conditions of more

than one rule are satisfied, the switch enforces the rule with the lowest sequence number.

Source and Destination

You can specify the source and destination arguments in one of two ways. In each rule, the method you

use to specify one of these arguments does not affect how you specify the other. When you configure a

rule, use the following methods to specify the source and destination arguments:

Address and mask—You can use a MAC address followed by a mask to specify a single address or a

group of addresses. The syntax is as follows:

MAC-address MAC-mask

The following example specifies the source argument with the MAC address 00c0.4f03.0a72:

switch(config-acl)# permit 00c0.4f03.0a72 0000.0000.0000 any

The following example specifies the destination argument with a MAC address for all hosts with a

MAC vendor code of 00603e:

switch(config-acl)# permit any 0060.3e00.0000 0000.0000.0000

• Any address—You can use the any keyword to specify that a source or destination is any MAC

address. For examples of the use of the any keyword, see the examples in this section. Each of the

examples shows how to specify a source or destination by using the any keyword.

MAC Protocols

The protocol argument can be the MAC protocol number or a keyword. The protocol number is a

four-byte hexadecimal number prefixed with 0x. Valid protocol numbers are from 0x0 to 0xffff. Valid

keywords are the following:

• aarp—Appletalk ARP (0x80f3)

• appletalk—Appletalk (0x809b)

• decnet-iv—DECnet Phase IV (0x6003)

• diagnostic—DEC Diagnostic Protocol (0x6005)

• etype-6000—Ethertype 0x6000 (0x6000)

• etype-8042—Ethertype 0x8042 (0x8042)

• ip—Internet Protocol v4 (0x0800)

• lat—DEC LAT (0x6004)

• lavc-sca—DEC LAVC, SCA (0x6007)

• mop-console—DEC MOP Remote console (0x6002)

• mop-dump—DEC MOP dump (0x6001)

• vines-echo—VINES Echo (0x0baf)

Release Modification

4.0(0)N1(1a) This command was introduced.