Brocade Converged Enhanced Ethernet Administrator's Guide v6.1.2_cee (53-1001258-01, June 2009)
Table Of Contents
- Contents
- Figures
- Tables
- About This Document
- Introducing FCoE
- Using the CEE CLI
- In this chapter
- CEE CLI configuration guidelines and restrictions
- Using the CEE command line interface (CLI)
- CEE CLI RBAC permissions
- Accessing the CEE CLI through the console interface or through a Telnet session
- Accessing the CEE CLI from the Fabric OS shell
- Accessing CEE CLI command modes
- Using CEE CLI keyboard shortcuts
- Displaying CEE CLI commands and command syntax
- Using CEE CLI command completion
- CEE CLI command syntax conventions
- Using CEE CLI command output modifiers
- Configuring VLANs Using the CEE CLI
- In this chapter
- VLAN overview
- Ingress VLAN filtering
- VLAN configuration guidelines and restrictions
- Default VLAN configuration
- VLAN configuration procedures
- Enabling and disabling a CEE interface
- Configuring the MTU on a CEE interface
- Creating a VLAN interface
- Configuring a VLAN interface to forward FCoE traffic
- Configuring a CEE interface as a Layer 2 switch port
- Configuring a CEE interface as an access interface or a trunk interface
- Configuring VLAN classifier rules
- Configuring VLAN classifier groups
- Associating a VLAN classifier group to a CEE interface
- Clearing VLAN counter statistics
- Displaying VLAN information
- Configuring the MAC address table
- Configuring STP, RSTP, and MSTP using the CEE CLI
- In this chapter
- STP overview
- RSTP overview
- MSTP overview
- STP, RSTP, and MSTP configuration guidelines and restrictions
- Default STP, RSTP, and MSTP configuration
- STP, RSTP, and MSTP configuration procedures
- STP, RSTP, and MSTP-specific configuration procedures
- STP and RSTP-specific configuration procedures
- RSTP and MSTP-specific configuration procedures
- MSTP-specific configuration procedures
- 10-Gigabit Ethernet CEE interface-specific configuration
- Global STP, RSTP, and MSTP-related configuration procedures
- Clearing STP, RSTP, and MSTP-related information
- Displaying STP, RSTP, and MSTP-related information
- Configuring Link Aggregation using the CEE CLI
- Configuring LLDP using the CEE CLI
- Configuring ACLs using the CEE CLI
- In this chapter
- ACL overview
- Default ACL configuration
- ACL configuration guidelines and restrictions
- ACL configuration procedures
- Creating a standard MAC ACL and adding rules
- Creating an extended MAC ACL and adding rules
- Modifying a MAC ACL
- Removing a MAC ACL
- Reordering the sequence numbers in a MAC ACL
- Applying a MAC ACL to a CEE interface
- Applying a MAC ACL to a VLAN interface
- Clearing MAC ACL counters
- Displaying MAC ACL information
- Configuring QoS using the CEE CLI
- Configuring FCoE using the Fabric OS CLI
- Administering the switch
- Configuring RMON using the CEE CLI
- Index
94 Converged Enhanced Ethernet Administrator’s Guide
53-1001258-01
Default ACL configuration
7
There are two types of MAC ACLs:
• Standard ACLs—Permit and deny traffic according to the source MAC address in the incoming
frame. Use standard MAC ACLs if you only need to filter traffic based on source addresses.
• Extended ACLs—Permit and deny traffic according to the source and destination MAC
addresses in the incoming frame, as well as other information in the MAC header such as
EtherType.
MAC ACLs are supported on the following interface types:
• Physical interfaces
• Logical interfaces (LAGs)
• VLANs
Default ACL configuration
Table 15 lists the default ACL configuration.
ACL configuration guidelines and restrictions
Follow these ACL configuration guidelines and restrictions when configuring ACLs.
• The order of the rules in an ACL is critical. The first rule that matches the traffic stops further
processing of the packets.
• By default, an empty ACL (ACL without rules) permits all traffic.
• By default, MAC ACLs include an implicit “permit all” rule at the end of the ACL. If traffic does
not match any of the MAC ACL’s rules, the ACL permits the traffic.
• Only one ACL per interface is allowed. This applies to physical interfaces, LAG interfaces, and
VLAN interfaces.
• Masks for the MAC addresses are not supported with MAC ACLs.
• ACL naming conventions:
- Standard ACLs and extended ACLs cannot have the same name.
• Applying MAC ACLs to VLAN interfaces:
- An ACL applied to a VLAN interface controls the packets that are bridged within the VLAN.
- When an ACL is applied to a VLAN interface, all packets (tagged or untagged) entering the
VLAN are checked against the ACL’s rules.
TABLE 15 Default MAC ACL configuration
Parameter Default setting
MAC ACLs By default, no MAC ACLs are configured.