Deny (mac) – Allied Telesis AT-S95 CLI User Manual

Page 20

Not approved by Document Control. For review only.

Allied Telesis

Command Line Interface User’s Guide

Command Mode

MAC-Access List Configuration mode

User Guidelines
•

Enter IP-Access List configuration mode by using the MAC access-list Global Configuration mode command.

•

After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition

exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first
ACE is added, the list permits all packets.

Example

The following example shows how to create a MAC ACL with permit rules.

deny (MAC)

The deny MAC-Access List Configuration mode command sets deny conditions for an MAC-Access List.

Syntax

deny [disable-port] {any|{source source- wildcard} {any|{ destination destination- wildcard}} [vlan vlan-id] [cos
cos cos-wildcard] [ethtype eth-type]

Parameters
•

disable-port — Indicates the Ethernet interface is disabled if the condition is matched.

•

source — Specifies source MAC address of the packet.

•

source-wildcard — Specifies wildcard bits to be applied to the source MAC address. Use 1s in the bit position

to be ignored.

•

destination — Specifies the MAC address of the host to which the packet is being sent.

•

destination-wildcard — Specifies wildcard bits to be applied to the destination MAC address. Use 1s in the bit

position to be ignored.

•

vlan-id — Specifies the VLAN ID of the packet. (Range: 0 - 4095)

•

cos — Specifies the Class of Service of the packet. (Range: 0 - 7)

•

cos-wildcard — Specifies wildcard bits to be applied to the CoS.

•

eth-type — Specifies the Ethernet type in hexadecimal format of the packet. (Range: 0 - 0xFFFF)

Default Configuration

No MAC-Access List is defined.

Command Mode

MAC-Access List Configuration mode

Console(config)# mac access-list macl-acl1
Console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6