Viewing Layer 2 ACLs, Example of Layer 2 ACL deny by MAC address – Brocade BigIron RX Series Configuration Guide User Manual

BigIron RX Series Configuration Guide

53-1002484-04

Viewing Layer 2 ACLs

Use the show access-list command to monitor configuration and statistics and to diagnose Layer 2
ACL tables. The following shows an example output.

BigIron RX(config)# show access-list 400
L2 MAC Access List 400:
permit any any 100 etype ipv4
deny any any any etype arp

Syntax: show access-list <number>

The <number> parameter specifies the Layer 2 ACL table ID.

Example of Layer 2 ACL deny by MAC address

In the following example, an ACL is created that denies all traffic from the host with the MAC
address 0012.3456.7890 being sent to the host with the MAC address 0011.2233.4455.

BigIron RX(config)# access-list 401 deny 0012.3456.7890 ffff.ffff.ffff 0011.2233.4455 ffff.ffff.ffff
BigIron RX(config)# access-list 401 permit any any

Using the mask, you can make the access list apply to a range of addresses. For instance, if you
changed the source mask in the previous example from ffff.ffff.ffff to ffff.ffff.fff0, all hosts with
addresses from 0012.3456.7890 to 0012.3456.789f would be blocked. The configuration for this
example is shown below.

BigIron RX(config)# access-list 401 deny 0012.3456.7890 ffff.ffff.fff0 0011.2233.4455 ffff.ffff.ffff
BigIron RX(config)# access-list 401 permit any any
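The mask arithmetic described above can be checked before an entry is applied. The following is an added example, not part of the Brocade guide: the function names are hypothetical, "any" is modelled as an all-zero mask, the rule that 1 bits in the mask are compared is inferred from the exact-host example, and first-match evaluation of entries is an assumption.

```python
# Added example (not from the Brocade guide): how an address/mask pair
# in a Layer 2 ACL entry selects MAC addresses.
FULL = 0xFFFFFFFFFFFF  # 48 bits

def mac_to_int(mac):
    """Parse dotted-hex notation such as 0012.3456.7890."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def int_to_mac(value):
    h = f"{value:012x}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"

def matches(mac, addr, mask):
    """Mask bits set to 1 are compared; bits set to 0 are ignored."""
    m = mac_to_int(mask)
    return (mac_to_int(mac) & m) == (mac_to_int(addr) & m)

def covered_range(addr, mask):
    """Return (lowest, highest, count) of the addresses the pair matches.
    The block lowest..highest is solid only when the zero bits are trailing."""
    m = mac_to_int(mask)
    wild = ~m & FULL
    low = mac_to_int(addr) & m
    return int_to_mac(low), int_to_mac(low | wild), 1 << bin(wild).count("1")

ANY = ("0000.0000.0000", "0000.0000.0000")  # assumption: "any" as an all-zero mask

# ACL 401 from the text, with the range mask ffff.ffff.fff0 on the source.
ACL_401 = [
    ("deny", ("0012.3456.7890", "ffff.ffff.fff0"), ("0011.2233.4455", "ffff.ffff.ffff")),
    ("permit", ANY, ANY),
]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry (assumed first-match), else None."""
    for action, (s_addr, s_mask), (d_addr, d_mask) in acl:
        if matches(src, s_addr, s_mask) and matches(dst, d_addr, d_mask):
            return action
    return None

if __name__ == "__main__":
    print(covered_range("0012.3456.7890", "ffff.ffff.fff0"))
    print(covered_range("0012.3456.7890", "ffff.ffff.fffe"))
    for src in ("0012.3456.789a", "0012.3456.78a0"):  # constructed test frames
        print(src, evaluate(ACL_401, src, "0011.2233.4455"))
```

A one-digit difference in the mask changes the scope sharply: ffff.ffff.fff0 covers 16 source addresses, while ffff.ffff.fffe covers only 0012.3456.7890 and 0012.3456.7891.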