Permit – Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Page 409

Advertising
background image

Brocade Mobility RFS7000-GR CLI Reference Guide

395

53-1001945-01

MAC Extended ACL Config Commands

16

permit

MAC Extended ACL Config Commands

Use this command to specify packets to forward.

NOTE

Use a decimal value representation of ethertypes to implement permit/deny/mark designations for
a packet. Extended MAC ACL’s provide hexadecimal values for each listed ethertype. The switch
supports all ethertypes. Use the decimal equvilant of the ethertype listed in the CLI or for any other
type of ethertype.

A MAC access list (to allow an arp) is mandatory for both port and WLAN ACL’s.

Syntax

{permit} {any|host source MAC address|source MAC\source MAC address mask}

{any|host destination MAC address | destination MAC\destination MAC address mask}

[vlan vlan-id] [dot1p dot1p-value] [type value|ip|ipv6|arp| vlan|wisp|0-65535]

[log] [rule-precedence access-list-entry precedence]

Parameters

Usage Guidelines
When creating a Port ACL, the switch (by default) does not permit an ethertype WISP. First create a
rule to allow WISP to adopt access ports. Use the following CLI command to adopt access ports:

permit any any type wisp

NOTE

Use the following command to attach a MAC access list to a port on a layer 2 interface:

mac access-group <acl number/name> in

Source MAC Address

Bit mask specifying the bits to match. The source wildcard can be any one
of the following.

xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx

–Source MAC

address and mask.

any

– Any source host.

host –

Exact source MAC address to match.

Destination MAC Address

Bit mask specifying the bits to match. The destination wildcard can be any
one of the following:

xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx

–Destination MAC

address and mask.

any

– Any destination host.

host –

Exact destination MAC address to match.

dot1p

<0-7>

802.1p priority.

rule-precedence

<1-5000>

Access-list entry precedence.

type(

<1-65535>|arp|ip|ipv6|vlan|wi

sp)

EtherType.

vlan

<1-4095>

VLAN ID.

Advertising
Popular Brands
Popular manuals