Command Reference Guide
MAC Access Control List Commands
CLI Command Reference
September 2014 Page 659
HP Moonshot Switch Module CLI Command Reference
The vlan and cos parameters refer to the VLAN identifier and 802.1p user priority fields, respectively, of the
VLAN tag. For packets containing a double VLAN tag, this is the first (or outer) tag.
The
time-range parameter allows imposing time limitation on the MAC ACL rule as defined by the parameter
time-range-name. If a time range with the specified name does not exist and the MAC ACL containing this ACL
rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately. If a time range with
specified name exists and the MAC ACL containing this ACL rule is applied to an interface or bound to a VLAN,
then the ACL rule is applied when the time-range with specified name becomes active. The ACL rule is removed
when the time-range with specified name becomes inactive. For information about configuring time ranges,
see “Time Range Commands for Time-Based ACLs” on page 676.
The
assign-queue parameter allows specification of a particular hardware queue for handling traffic that
matches this rule. The allowed
queue-id value is 0-6 because is the number of user configurable queues is 7.
The
assign-queue parameter is valid only for a permit rule.
The
mirror parameter allows the traffic matching this rule to be copied to the specified unit/slot/port, while
the redirect parameter allows the traffic matching this rule to be forwarded to the specified
unit/slot/port.
The
assign-queue and redirect parameters are only valid for a permit rule.
The permit command’s optional attribute rate-limit allows you to permit only the allowed rate of traffic as per
the configured rate in kbps, and burst-size in kbytes.
Example: The following shows an example of the command.
(Routing) (Config)#mac access-list extended mac1
(Routing) (Config-mac-access-list)#permit 00:00:00:00:aa:bb ff:ff:ff:ff:00:00 any rate-limit 32 16
(Routing) (Config-mac-access-list)#exit
mac access-group
This command either attaches a specific MAC Access Control List (ACL) identified by name to an interface or
range of interfaces, or associates it with a VLAN ID, in a given direction. The
name parameter must be the name
of an existing MAC ACL.
ipx 0x8037
mplsmcast 0x8848
mplsucast 0x8847
netbios 0x8191
novell 0x8137, 0x8138
pppoe 0x8863, 0x8864
rarp 0x8035
Note: The special command form {deny | permit} any any is used to match all Ethernet layer 2
packets, and is the equivalent of the IP access list “match every” rule.
Table 13: Ethertype Keyword and 4-digit Hexadecimal Value (Cont.)
Ethertype Keyword Corresponding Value