Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


Usage Guidelines:

The deny command disallows traffic based on layer 2 (data-link layer) data. The MAC access list
denies traffic from a particular source MAC address or any MAC address. It can also disallow traffic
from a list of MAC addresses based on the source mask.

The MAC access list can disallow traffic based on the VLAN and EtherType.

• ARP
• WISP
• IP
• 802.1q

NOTE

MAC ACLs always take precedence over IP-based ACLs.

<DEST-MAC> <DEST-MAC-MASK>

Configures the destination MAC address and mask to match

<DEST-MAC> – Specify the destination MAC address to match.

<DEST-MAC-MASK> – Specify the destination MAC address mask to match.

Packets addressed to the specified MAC addresses are dropped.

any

Identifies all devices as the destination to deny access. Packets addressed to any destination are dropped.

host <DEST-HOST-MAC>

Identifies a specific host as the destination to deny access

<DEST-HOST-MAC> – Specify the destination host’s exact MAC address to match. Packets addressed to the specified host are dropped.

dot1p <0-7>

Configures the 802.1p priority value. Sets the service classes for traffic handling

<0-7> – Specify 802.1p priority from 0 - 7.

type [8021q|<1-65535>|aarp|appletalk|arp|ip|ipv6|ipx|mint|rarp|wisp]

Configures the EtherType value

An EtherType is a two-octet field in an Ethernet frame that indicates the protocol encapsulated in the payload of the frame. The EtherType values are:

8021q – Indicates an 802.1q payload (0x8100)

<1-65535> – Indicates the EtherType protocol number

aarp – Indicates the AppleTalk Address Resolution Protocol (AARP) payload (0x80F3)

appletalk – Indicates the AppleTalk Protocol payload (0x809B)

arp – Indicates the ARP payload (0x0806)

ip – Indicates the Internet Protocol, Version 4 (IPv4) payload (0x0800)

ipv6 – Indicates the Internet Protocol, Version 6 (IPv6) payload (0x86DD)

ipx – Indicates Novell’s IPX payload (0x8137)

mint – Indicates the MiNT protocol payload (0x8783)

rarp – Indicates the Reverse Address Resolution Protocol (RARP) payload (0x8035)

wisp – Indicates the Wireless Internet Service Provider (WISP) payload (0x8783)

vlan <1-4095>

Configures the VLAN where the traffic is received

<1-4095> – Specify the VLAN ID from 1 - 4095.

log

Logs all deny events matching this entry. If a source and/or destination MAC address is matched (i.e. a packet
is received from a specified MAC address or is destined for a specified MAC address), an event is logged.

rule-precedence <1-5000> rule-description <LINE>

The following keywords are recursive and common to all of the above parameters:

rule-precedence – Assigns a precedence for this deny rule

<1-5000> – Specify a value from 1 - 5000.

The lower the precedence value, the higher the priority. A rule with precedence 3 gets priority over a rule with precedence 10.

rule-description – Optional. Configures a description for this deny rule. Provide a description that uniquely identifies the purpose of this rule (should not exceed 128 characters in length).
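
The following Python model is an added illustration, not code from this guide or from the controller software. It shows how the destination MAC/mask, type, vlan and rule-precedence parameters described above combine when a frame is checked against several deny rules. The class and function names, the sample rules, and the mask convention (a 1 bit means the bit must match) are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# EtherType keywords and values copied from the table above (subset).
ETHERTYPES = {"8021q": 0x8100, "arp": 0x0806, "ip": 0x0800,
              "ipv6": 0x86DD, "rarp": 0x8035}

def mac_to_int(mac: str) -> int:
    """Parse a MAC written with '-' or ':' separators into a 48-bit integer."""
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

@dataclass
class DenyRule:
    precedence: int                       # rule-precedence <1-5000>
    description: str                      # rule-description <LINE>
    dest_mac: Optional[str] = None        # None models the 'any' keyword
    dest_mask: str = "FF-FF-FF-FF-FF-FF"  # all ones models 'host <DEST-HOST-MAC>'
    ethertype: Optional[str] = None       # 'type' keyword; None = not given
    vlan: Optional[int] = None            # vlan <1-4095>; None = not given

    def __post_init__(self):
        if not 1 <= self.precedence <= 5000:
            raise ValueError("rule-precedence must be 1-5000")
        if len(self.description) > 128:
            raise ValueError("rule-description exceeds 128 characters")

    def matches(self, dst: str, ethertype: int, vlan: int) -> bool:
        if self.dest_mac is not None:
            # Assumption: a 1 bit in the mask means that bit must be equal.
            mask = mac_to_int(self.dest_mask)
            if (mac_to_int(dst) ^ mac_to_int(self.dest_mac)) & mask:
                return False
        if self.ethertype is not None and ETHERTYPES[self.ethertype] != ethertype:
            return False
        return self.vlan is None or self.vlan == vlan

def first_deny(rules, dst: str, ethertype: int, vlan: int) -> Optional[DenyRule]:
    """Return the matching rule with the lowest precedence value, else None."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        if rule.matches(dst, ethertype, vlan):
            return rule
    return None

# Constructed sample rules, not taken from any device configuration.
RULES = [
    DenyRule(10, "drop ARP on VLAN 20", ethertype="arp", vlan=20),
    DenyRule(3, "drop frames to one OUI", dest_mac="00-A0-F8-00-00-00",
             dest_mask="FF-FF-FF-00-00-00"),
]
```

When a frame matches more than one rule, the rule with the lower precedence value is the one reported, which is also the entry a log keyword on that rule would record.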
