Brocade Converged Enhanced Ethernet Administrator's Guide v6.1.2_cee (53-1001258-01, June 2009)
Table Of Contents
- Contents
- Figures
- Tables
- About This Document
- Introducing FCoE
- Using the CEE CLI
- In this chapter
- CEE CLI configuration guidelines and restrictions
- Using the CEE command line interface (CLI)
- CEE CLI RBAC permissions
- Accessing the CEE CLI through the console interface or through a Telnet session
- Accessing the CEE CLI from the Fabric OS shell
- Accessing CEE CLI command modes
- Using CEE CLI keyboard shortcuts
- Displaying CEE CLI commands and command syntax
- Using CEE CLI command completion
- CEE CLI command syntax conventions
- Using CEE CLI command output modifiers
- Configuring VLANs Using the CEE CLI
- In this chapter
- VLAN overview
- Ingress VLAN filtering
- VLAN configuration guidelines and restrictions
- Default VLAN configuration
- VLAN configuration procedures
- Enabling and disabling a CEE interface
- Configuring the MTU on a CEE interface
- Creating a VLAN interface
- Configuring a VLAN interface to forward FCoE traffic
- Configuring a CEE interface as a Layer 2 switch port
- Configuring a CEE interface as an access interface or a trunk interface
- Configuring VLAN classifier rules
- Configuring VLAN classifier groups
- Associating a VLAN classifier group to a CEE interface
- Clearing VLAN counter statistics
- Displaying VLAN information
- Configuring the MAC address table
- Configuring STP, RSTP, and MSTP using the CEE CLI
- In this chapter
- STP overview
- RSTP overview
- MSTP overview
- STP, RSTP, and MSTP configuration guidelines and restrictions
- Default STP, RSTP, and MSTP configuration
- STP, RSTP, and MSTP configuration procedures
- STP, RSTP, and MSTP-specific configuration procedures
- STP and RSTP-specific configuration procedures
- RSTP and MSTP-specific configuration procedures
- MSTP-specific configuration procedures
- 10-Gigabit Ethernet CEE interface-specific configuration
- Global STP, RSTP, and MSTP-related configuration procedures
- Clearing STP, RSTP, and MSTP-related information
- Displaying STP, RSTP, and MSTP-related information
- Configuring Link Aggregation using the CEE CLI
- Configuring LLDP using the CEE CLI
- Configuring ACLs using the CEE CLI
- In this chapter
- ACL overview
- Default ACL configuration
- ACL configuration guidelines and restrictions
- ACL configuration procedures
- Creating a standard MAC ACL and adding rules
- Creating an extended MAC ACL and adding rules
- Modifying a MAC ACL
- Removing a MAC ACL
- Reordering the sequence numbers in a MAC ACL
- Applying a MAC ACL to a CEE interface
- Applying a MAC ACL to a VLAN interface
- Clearing MAC ACL counters
- Displaying MAC ACL information
- Configuring QoS using the CEE CLI
- Configuring FCoE using the Fabric OS CLI
- Administering the switch
- Configuring RMON using the CEE CLI
- Index
Converged Enhanced Ethernet Administrator’s Guide 97
53-1001258-01
ACL configuration procedures
7
Creating an extended MAC ACL and adding rules
NOTE
You can use the resequence command to change all the sequence numbers assigned to the rules
in a MAC ACL. For detailed information, see “Reordering the sequence numbers in a MAC ACL” on
page 99.
To create an extended MAC ACL and add rules, perform the following steps from Privileged EXEC
mode:
Step Task Command
1. Enter global configuration mode. switch#config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
2. Create an extended MAC ACL and enter ACL
configuration mode. The ACL name can have a
maximum of 64 characters. In this example, the
name of the extended MAC ACL is “test_02.”
switch(config)# mac access-list
extended test_02
switch(conf-macl-ext)#
3. Create a rule in the MAC ACL to permit or deny
(drop) traffic with the source MAC address and
the destination MAC address.
switch(conf-macl-ext)#{permit | deny}
HHHH.HHHH.HHHH HHHH.HHHH.HHHH
4. Create a rule in the MAC ACL to permit or deny
any traffic with the destination MAC address.
Additionally:
• You can access control by EtherType (ipv4,
fcoe, arp or custom EtherType). Custom
EtherType values range between 1536 and
65535.
• Use the count option for the rule to show
how many packets hit that entry.
switch(conf-macl-ext)#{permit | deny}
any HHHH.HHHH.HHHH [custom EtherType
value | arp | count | ipv4 | fcoe]
5. Create a rule in the MAC ACL to permit or deny
host traffic with the source MAC address and the
destination MAC address. Additionally:
• You can access control by EtherType (ipv4,
fcoe, arp or custom EtherType). Custom
EtherType values range between 1536 and
65535.
• Use the count option for the rule to show
how many packets hit that entry.
switch(conf-macl-ext)#{permit | deny}
host HHHH.HHHH.HHHH HHHH.HHHH.HHHH
[custom EtherType value | arp | count
| ipv4 | fcoe]
6. Create a rule in the MAC ACL to permit or deny
any host with the source MAC address.
Additionally:
• You can access control by EtherType (ipv4,
fcoe, or custom EtherType). Custom
EtherType values range between 1536 and
65535.
• Use the arp option to permit or deny ARP
traffic.
• Use the count option for the rule to show
how many packets hit that entry.
switch(conf-macl-ext)#{permit | deny}
host HHHH.HHHH.HHHH any [custom
EtherType value | arp | count | ipv4 |
fcoe]