Alcatel-Lucent ls 6248 User Guide
Command Line Interface
308
4
• inner vlan eth-type — The inner VLAN of a double tagged packet.
Default Setting
No MAC ACL is defined.
Command Mode
MAC-Access List Configuration mode
Command Usage
Before an Access Control Element (ACE) is added to an ACL, all packets are
permitted. After an ACE is added, an implied
permitted. After an ACE is added, an implied
deny-any-any
condition exists at
the end of the list and those packets that do not match the conditions defined
in the permit statement are denied.
in the permit statement are denied.
If the VLAN ID is specified, the policy map cannot be connected to the VLAN
interface.
interface.
The inner-vlan field can be assigned only on:
• Fast Ethernet customer interfaces (the port mode is customer).
• Service provider interfaces when ALL the traffic is double tagged.
• Service provider interfaces when ALL the traffic is double tagged.
Example
The following example shows how to create a MAC ACL with permit rules.
Related Commands
deny (MAC)
The
deny
MAC-Access List Configuration mode command denies
traffic if the
conditions defined in the deny statement match.
deny
destination
deny
[
disable-port
] {
any
| {source source-wildcard} {
any
| {destination
destination- wildcard}}[
vlan
vlan-id] [
cos
cos cos-wildcard] [
ethtype
eth-type]
[inner-vlan vlan id]
Parameters
• disable-port — Indicates that the port is disabled if the statement is deny.
• source — Specifies the MAC address of the host from which the packet was
• source — Specifies the MAC address of the host from which the packet was
sent.
• source-wildcard — (Optional for the first type) Specifies wildcard bits by
placing 1s in bit positions to be ignored.
• destination — Specifies the MAC address of the host to which the packet is
Console(config)#
mac access-list
macl-acl1
Console(config-mac-al)#
permit
6:6:6:6:6:6 0:0:0:0:0:0
any vlan
6