Deny | permit – Dell PowerEdge M805 User Manual

286

ACL Commands

www

.dell.com | support.dell.com

•

log—Specifies that this rule is to be logged.

•

assign-queue queue-id—Specifies the particular hardware queue for handling traffic that
matches the rule. (Range: 0-6)

•

mirror interface—Allows the traffic matching this rule to be copied to the specified
interface.

•

redirect interface—This parameter allows the traffic matching this rule to be forwarded
to the specified unit/port.

Default Configuration

This command has no default configuration.

Command Mode

Global Configuration mode

User Guidelines

Users are permitted to add rules, but if a packet does not match any user-specified rules, the
packet is dropped by the implicit "deny all" rule.

Examples

The following examples create an ACL to discard any HTTP traffic from 192.168.77.171, but
allow all other traffic from 192.168.77.171:

console(config)#access-list alpha deny 192.168.77.171 0.0.0.0

0.0.0.0 255.255.255.255 eq http

console(config)#access-list alpha permit 192.168.77.171 0.0.0.0

deny | permit

Use the deny command in Mac-Access-List Configuration mode to deny traffic if the conditions
defined in the deny statement are matched. Use the permit command in Mac-Access-List
Configuration mode to allow traffic if the conditions defined in the permit statement are matched.

Syntax

{deny | permit} {srcmac srcmacmask | any} {dstmac dstmacmask | any | bpdu }
[{ethertypekey | 0x0600-0xFFFF }] [ vlan eq 0-4095 ] [cos 0-7] [secondary-vlan eq 0-4095 ]
[secondary-cos 0-7] [log] [ assign-queue queue-id ] [{mirror |redirect} interface ]

•

srcmac—Valid source MAC address in format xxxx.xxxx.xxxx.

•

srcmacmask—Valid MAC address bitmask for the source MAC address in format
xxxx.xxxx.xxxx.

•

any—Packets sent to or received from any MAC address