Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 934
922
Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
12
insert [deny|permit] <PARAMETERS> (dot1p <0-7>,type
[8021q|<1-65535>|aarp|appletalk|
arp|ip|ipv6|ipx|mint|rarp|wisp],vlan <1-4095>,log,rule-precedence
<1-5000>)
{(rule-description <LINE>)}
Parameters
insert [deny|permit] <PARAMETERS> (log,mark [8021p <0-7>|dscp <0-63>],
rule-precedence <1-5000>) {(rule-description <LINE>)}
Example
rfs4000-229D58(config-mac-acl-test1)#deny 11-22-33-44-55-66 11-22-33-44-55-77
any rule-precedence 1
rfs4000-229D58(config-mac-acl-test1)#deny host B4-C7-99-6D-CD-9B any
rule-precedence 2
rfs4000-229D58(config-mac-acl-test1)#show context
mac access-list test1
deny 11-22-33-44-55-66 11-22-33-44-55-77 any rule-precedence 1
insert [deny|permit]
Inserts a deny or permit rule within an MAC ACL
<PARMETERS>
Provide the match criteria for this deny/permit rule. Packets will be filtered based on the criteria set here.
For more information on the deny rule, see
For more information on the permit rule, see
.
dotp1p <0-7>
Configures the 802.1p priority value. Sets the service classes for traffic handling
•
<0-7> – Specify 802.1p priority from 0 - 7.
type
[8021q|<1-65535>|
aarp|appletalk|
arp|ip|ipv6|ipx|mint|
rarp|wisp]
Configures the EtherType value
An EtherType is a two-octet field in an Ethernet frame that indicates the protocol encapsulated in the payload
of the frame. The EtherType values are:
•
8021q – Indicates a 802.1q payload (0x8100)
•
<1-65535> – Indicates the EtherType protocol number
•
aarp – Indicates the Appletalk ARP payload (0x80F3)
•
appletalk – Indicates the Appletalk Protocol payload (0x809B)
•
arp – Indicates the ARP payload (0x0806)
•
ip – Indicates the IPv4 payload (0x0800)
•
ipv6 – Indicates the IPv6 payload (0x86DD)
•
ipx – Indicates the Novell’s IPX payload (0x8137)
•
mint – Indicates the MiNT protocol payload (0x8783)
•
rarp – Indicates the reverse ARP payload (0x8035)
•
wisp – Indicates the WISP payload (0x8783)
vlan <1-4095>
Configures the VLAN where the traffic is received
•
<1-4095> – Specify the VLAN ID from 1 - 4095.
log
Logs all deny/permit events matching this entry. If a source and/or destination MAC address is matched (i.e.
a packet is received from a specified MAC address or is destined for a specified MAC address), an event is
logged.
rule-precedence
<1-5000>
rule-description <LINE>
The following keywords are recursive and common to all of the above parameters:
•
rule-precedence – Assigns a precedence for this deny rule
•
<1-5000> – Specify a value from 1 - 5000.
Lower the precedence higher is the priority. A rule with precedence 3 gets priority over a rule with precedence
10.
•
rule-description – Optional. Configures a description for this deny rule. Provide a description that
uniquely identifies the purpose of this rule (should not exceed 128 characters in length).