Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


53-1001945-01

MAC Extended ACL Config Commands

16

The permit command in the MAC ACL allows traffic based on layer 2 (data-link layer) information.
The MAC access list permits traffic from a source MAC address or any MAC address. It also has an
option to allow traffic from a list of MAC addresses (based on the source mask).

The MAC access list can be configured to allow traffic based on VLAN information and Ethernet
type. Common Ethernet types include:

arp

wisp

ip

802.1q

The switch (by default) does not allow layer 2 traffic to pass through the interface. To adopt an
access port through an interface, configure an access control list to allow ethernet wisp.

NOTE

To apply an IP based ACL to an interface, a MAC access list entry to allow arp is mandatory. A MAC ACL
always takes precedence over IP based ACLs.

The last ACE in the access list is an implicit deny statement.

Whenever the interface receives a packet, its contents are checked against all the ACEs in the ACL.
The packet is allowed or denied based on the ACL configuration.

Example

The example below permits wisp based traffic from any source MAC address to any destination
MAC address.

RFS7000(config-ext-macl)#permit any any type wisp

RFS7000(config-ext-macl)#

The example below permits arp based traffic from any source MAC address to any destination MAC
address.

RFS7000(config-ext-macl)#permit any any type arp

RFS7000(config-ext-macl)#

The example below permits IP based traffic from a particular source MAC address to any
destination MAC address.

RFS7000(config-ext-macl)#permit host 11:22:33:44:55:66 any type ip

RFS7000(config-ext-macl)#
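The following is an added example, not code from the manual or from Brocade: a small offline checker that models how the implicit deny interacts with the permit entries shown above and flags an ACL that omits the arp or wisp entries the text calls for. It assumes only the two entry forms on this page (`permit any any type ...` and `permit host <mac> any type ...`); the function names and the sample ACLs are constructed for illustration.

```python
import re

# Only the entry forms shown on this page: permit {any | host <mac>} any type <name>
ACE_RE = re.compile(
    r"^permit\s+(?:any|host\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2}))\s+any\s+type\s+(\S+)$",
    re.IGNORECASE,
)

def parse_ace(line):
    """Return (source MAC or None for 'any', ethertype name) for one permit entry."""
    text = line.split("#", 1)[-1].strip()  # drop a leading CLI prompt if present
    m = ACE_RE.match(text)
    if not m:
        raise ValueError(f"unsupported ACE syntax: {line!r}")
    mac, etype = m.groups()
    return (mac.lower() if mac else None, etype.lower())

def evaluate(acl_lines, src_mac, ethertype):
    """Decide one frame: a matching permit entry allows it, otherwise implicit deny."""
    for ace_mac, ace_type in map(parse_ace, acl_lines):
        if ace_type == ethertype.lower() and ace_mac in (None, src_mac.lower()):
            return "permit"
    return "deny"  # the implicit deny that ends every access list

def audit(acl_lines):
    """Report the two omissions the text above warns about."""
    any_source = {t for mac, t in map(parse_ace, acl_lines) if mac is None}
    findings = []
    if "arp" not in any_source:
        findings.append("no 'permit any any type arp': an IP based ACL here will not work")
    if "wisp" not in any_source:
        findings.append("no 'permit any any type wisp': access ports cannot be adopted")
    return findings

# Constructed sample ACLs built from the entries on this page
ACL_IP_ONLY = ["permit host 11:22:33:44:55:66 any type ip"]
ACL_FULL = [
    "RFS7000(config-ext-macl)#permit any any type wisp",
    "RFS7000(config-ext-macl)#permit any any type arp",
    "RFS7000(config-ext-macl)#permit host 11:22:33:44:55:66 any type ip",
]

if __name__ == "__main__":
    for name, acl in (("ip-only", ACL_IP_ONLY), ("full", ACL_FULL)):
        print(name, evaluate(acl, "11:22:33:44:55:66", "arp"), audit(acl))
```

With only the host-specific ip entry, the permitted host's own ARP frames still hit the implicit deny, which is why the arp entry is mandatory before an IP based ACL is useful.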
