Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
53-1001945-01
MAC Extended ACL Config Commands
• rarp
• arp
• wisp
• ip
• 802.1q
By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt an access port through an interface, configure an access control list that allows Ethernet WISP traffic.
NOTE
A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface. MAC ACLs always take precedence over IP based ACLs.
The last ACE in the access list is an implicit deny statement.
Whenever the interface receives a packet, its content is checked against all the ACEs in the ACL. It is allowed/denied based on the ACL configuration.
Example
The MAC ACL (in the example below) denies traffic from any source MAC address to a particular host MAC address.
RFS7000(config-ext-macl)#deny any host 00:01:ae:00:22:11
RFS7000(config-ext-macl)#
The MAC ACL (in the example below) denies dot1q tagged traffic from VLAN interface 5.
RFS7000(config-ext-macl)#deny any any vlan 5 type 8021q
RFS7000(config-ext-macl)#
The example below denies traffic between two hosts based on MAC addresses.
RFS7000(config-ext-macl)#deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45
RFS7000(config-ext-macl)#
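
The effect of the implicit deny on the first example above, and the need to allow arp and wisp explicitly, can be checked with a small model. This is an added Python example, not Brocade code or controller output; first-match ordering, the Ace and Frame classes, the "allow" label and the probe MAC addresses are assumptions of the model.

```python
# Added illustration: simplified model of extended MAC ACL evaluation.
# Assumes first-match ordering; not the controller's implementation.
from dataclasses import dataclass
from typing import Optional

ANY = "any"

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    ethertype: str               # page keywords: arp, rarp, wisp, ip, 8021q
    vlan: Optional[int] = None

@dataclass(frozen=True)
class Ace:
    action: str                  # "allow" or "deny" (model labels)
    src: str = ANY               # "any" or a lowercase host MAC
    dst: str = ANY
    ethertype: Optional[str] = None
    vlan: Optional[int] = None

    def matches(self, f: Frame) -> bool:
        return (self.src in (ANY, f.src.lower())
                and self.dst in (ANY, f.dst.lower())
                and self.ethertype in (None, f.ethertype)
                and self.vlan in (None, f.vlan))

def evaluate(acl, frame):
    """Return (action, ACE index); index None means the implicit deny fired."""
    for i, ace in enumerate(acl):
        if ace.matches(frame):
            return ace.action, i
    return "deny", None

def blocked_types(acl, needed=("arp", "wisp")):
    """Ethertypes in `needed` that a probe frame cannot get through the ACL."""
    probe = lambda t: Frame("02:00:00:00:00:01", "02:00:00:00:00:02", t)  # constructed MACs
    return [t for t in needed if evaluate(acl, probe(t))[0] == "deny"]

# The page's first example on its own: one deny ACE, then the implicit deny.
deny_only = [Ace("deny", dst="00:01:ae:00:22:11")]
# Same ACE followed by explicit allows (constructed for this example).
with_allows = deny_only + [Ace("allow", ethertype=t) for t in ("arp", "wisp", "ip")]

if __name__ == "__main__":
    print(blocked_types(deny_only))
    print(blocked_types(with_allows))
    print(evaluate(with_allows, Frame("02:00:00:00:00:01", "00:01:AE:00:22:11", "ip")))
```

With only the deny entry, arp and wisp frames fall through to the implicit deny, so an IP based ACL could not be applied and access ports could not be adopted through that interface.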