Permit, deny (arp acl), Permit, deny (257, Permit, deny – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

257

53-1002581-01

ARP ACLs

11

permit, deny (ARP ACL)

This command adds a rule to an ARP ACL. The rule filters packets matching a specified source or
destination address in ARP messages. Use the no form to remove a rule.

Syntax

[no] {permit | deny}

ip {any | host source-ip | source-ip ip-address-bitmask}
mac {any | host source-mac | source-mac mac-address-bitmask} [log]

This form indicates either request or response packets.

[no] {permit | deny} request

ip {any | host source-ip | source-ip ip-address-bitmask}
mac {any | host source-mac | source-mac mac-address-bitmask} [log]

[no] {permit | deny} response

ip {any | host source-ip | source-ip ip-address-bitmask}
{any | host destination-ip | destination-ip ip-address-bitmask}
mac {any | host source-mac | source-mac mac-address-bitmask}
[any | host destination-mac | destination-mac mac-address-bitmask] [log]

source-ip – Source IP address.

destination-ip – Destination IP address with bitmask.

ip-address-bitmask

6

– IPv4 number representing the address bits to match.

source-mac – Source MAC address.

destination-mac – Destination MAC address range with bitmask.

mac-address-bitmask

6

– Bitmask for MAC address (in hexadecimal format).

log - Logs a packet when it matches the access control entry.

Default Setting

None

Command Mode

ARP ACL

Command Usage

New rules are added to the end of the list.

Example

This rule permits packets from any source IP and MAC address to the destination subnet address
192.168.0.0.

Console(config-arp-acl)#$permit response ip any 192.168.0.0 255.255.0.0 mac any

any

Console(config-mac-acl)#

6. For all bitmasks, binary “1” relevant and “0” means ignore.