Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 1130

Advertising
background image

1122

Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

19

A MAC firewall rule uses source and destination MAC addresses for matching operations, where the
result is a typical allow, deny or mark designation to packet traffic.

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

Service Platforms — Brocade Mobility RFS9510

Syntax:

use [ip-access-list|mac-access-list]

use ip-access-list [in|out] <IP-ACCESS-LIST-NAME> precedence <1-100>

use mac-access-list [in|out] <MAC-ACCESS-LIST-NAME> precedence <1-100>

Parameters

use ip-access-list [in|out] <IP-ACCESS-LIST-NAME> precedence <1-100>

use mac-access-list [in|out] <MAC-ACCESS-LIST-NAME> precedence <1-100>

Example

rfs7000-37FABE(config-role-policy-test-user-role-testing)#use ip-access-list

in

test precedence 9

rfs7000-37FABE(config-role-policy-test-user-role-testing)#show context

user-role testing precedence 10

ssid not-contains DevUser

captive-portal authentication-state pre-login

city exact SanJose

company exact MotorolaSolutions

country exact America

department exact TnV

emailid exact [email protected]

ip-access-list [in|out]

Uses an IP access list with this user role

in – Applies the rule to incoming packets

out – Applies the rule to outgoing packets

<IP-ACCESS-LIST-NAME>

Specify the IP access list name.

precedence <1-100>

After specifying the name of the access list, specify the precedence applied to it. Based on the packets
received, a lower precedence value is evaluated first.

<1-100> – Sets a precedence from 1 - 100

mac-access-list [in|out]

Uses a MAC access list with this user role

in – Applies the rule to incoming packets

out – Applies the rule to outgoing packets

<MAC-ACCESS-LIST-NAME>

Specify the MAC access list name.

precedence <1-100>

After specifying the name of the access list, specify the precedence applied to it. Based on the packets
received, a lower precedence value is evaluated first

<1-100> – Sets a precedence from 1 - 100

Advertising
Popular Brands
Popular manuals