DELL PC7024 User Manual
274
ACL Commands
deny
|
permit (Mac-Access-List-Configuration)
Use the deny command in Mac-Access-List Configuration mode to deny
traffic if the conditions defined in the deny statement are matched. Use the
permit command in Mac-Access-List Configuration mode to allow traffic if
the conditions defined in the permit statement are matched.
Use this command in Mac-Access-List Configuration mode to create a new
Use this command in Mac-Access-List Configuration mode to create a new
rule for the current MAC access list. Each rule is appended to the list of
configured rules for the list.
The command is enhanced to accept the optional time-range parameter. The
The command is enhanced to accept the optional time-range parameter. The
time-range parameter allows imposing a time limitation on the MAC ACL
rule as defined by the parameter
time-range-name. If a time range with the
specified name does not exist, and the MAC ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied
immediately. If a time range with the specified name exists, and the MAC
ACL containing this ACL rule is applied to an interface or bound to a VLAN,
then the ACL rule is applied when the time-range with a specified name
becomes active. The ACL rule is removed when the time-range with a
specified name becomes inactive.
Syntax
{deny | permit} {{any |
srcmac srcmacmask} {any | bpdu |dstmac
dstmacmask}} [
ethertypekey | 0x0600-0xFFFF] vlan {eq 0-4095}] [cos 0-7]
[[log] [time-range
time-range-name] [assign-queue queue-id] [{mirror |
redirect}
interface-id]
0x8809
Slow Protocols (IEEE 802.3)
0x8870
Jumbo frames
0x888E
EAP over LAN (EAPOL – 802.1x)
0x88CC
Link Layer Discovery Protocol
0x8906
Fibre Channel over Ethernet
0x8914
FCoE Initialization Protocol
0x9100
Q in Q
Ethertype
Protocol
2CSPC4.XCT-SWUM2XX1.book Page 274 Monday, October 3, 2011 11:05 AM