Deny (extended acls) – Dell POWEREDGE M1000E User Manual

Dell Converged Enhanced Ethernet Command Reference

53-1002115-01

deny (extended ACLs)

Configures a MAC address rule to drop traffic based on the source and destination MAC addresses.

Synopsis

deny {any | host MAC_ACL | MAC_ACL} {any | host MAC_ACL | MAC_ACL} [EtherType | arp | fcoe | ipv4] [count]

no deny {any | host MAC_ACL | MAC_ACL} {any | host MAC_ACL | MAC_ACL} [EtherType | arp | fcoe | ipv4]

Operands

any

Specifies any source MAC address.

host MAC_ACL

Specifies the source host MAC address for which to set deny conditions. Use
the format HHHH.HHHH.HHHH.

MAC_ACL

Specifies the source host MAC address for which to set deny conditions. Use
the format HHHH.HHHH.HHHH.

any

Specifies any destination MAC address.

host MAC_ACL

Specifies the destination host address for which to set deny conditions. Use
the format HHHH.HHHH.HHHH.

MAC_ACL

Specifies the destination host address for which to set deny conditions. Use
the format HHHH.HHHH.HHHH.

EtherType

Specifies the protocol number for which to set the deny conditions. The
range of valid values is 1536-65535.

arp

Specifies to deny the Address Resolution Protocol (0x0806).

fcoe

Specifies to deny the Fibre Channel over Ethernet Protocol (0x8906).

ipv4

Specifies to deny the IPv4 protocol (0x0800).

count

Enables counting of the packets matching the rule.

Defaults

By default, no MAC ACLs are configured.

Command Modes

Feature Access Control List Configuration mode

Description

Use this command to configure rules to match and drop traffic based on the source and
destination MAC addresses and the protocol type. You can also enable counters for a specific rule.
There are 255 ACL counters supported per port group. Use the no deny command to remove a rule
from the MAC ACL.

Usage Guidelines

The first set of {any | host MAC_ACL | MAC_ACL} parameters is specific to the source MAC
address. The second set of {any | host MAC_ACL | MAC_ACL} parameters is specific to the
destination MAC address.

Example

To create a rule in a MAC extended ACL to drop IPv4 traffic from the source MAC address 0022.3333.4444 to the destination MAC address 0022.3333.5555 and to enable the counting of packets:

switch(conf-macl-ext)#deny 0022.3333.4444 0022.3333.5555 ipv4 count
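
A way to check deny rule lines against the synopsis and operand limits above before they are applied to a switch, as an added example that is not part of the Dell manual. It assumes EtherType numbers are written in decimal; parse_deny and _take_address are hypothetical names.

```python
import re

# Keyword operands and the EtherType values the command reference gives for them.
KEYWORD_ETHERTYPES = {"arp": 0x0806, "fcoe": 0x8906, "ipv4": 0x0800}
# MAC addresses must use the HHHH.HHHH.HHHH format.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}$")


def _take_address(tokens, role):
    """Consume one {any | host MAC | MAC} operand and return it normalized."""
    if not tokens:
        raise ValueError(f"missing {role} address")
    tok = tokens.pop(0)
    if tok == "any":
        return "any"
    if tok == "host":
        if not tokens:
            raise ValueError(f"'host' without a {role} MAC address")
        tok = tokens.pop(0)
    if not MAC_RE.match(tok):
        raise ValueError(f"{role} MAC {tok!r} is not in HHHH.HHHH.HHHH format")
    return tok.lower()


def parse_deny(line):
    """Parse one 'deny' rule into a dict; raise ValueError if it breaks the synopsis."""
    tokens = line.split()
    if not tokens or tokens.pop(0) != "deny":
        raise ValueError("rule must start with 'deny'")
    # The first address operand is the source, the second the destination.
    rule = {"src": _take_address(tokens, "source"),
            "dst": _take_address(tokens, "destination"),
            "ethertype": None, "count": False}
    if tokens and tokens[0] != "count":
        tok = tokens.pop(0)
        if tok in KEYWORD_ETHERTYPES:
            rule["ethertype"] = KEYWORD_ETHERTYPES[tok]
        elif tok.isdigit() and 1536 <= int(tok) <= 65535:
            rule["ethertype"] = int(tok)  # assumption: decimal notation
        else:
            raise ValueError(f"EtherType {tok!r} is not arp, fcoe, ipv4 or 1536-65535")
    if tokens and tokens[0] == "count":
        tokens.pop(0)
        rule["count"] = True
    if tokens:
        raise ValueError(f"unexpected trailing operands: {tokens}")
    return rule
```

Pass the rule text without the switch(conf-macl-ext)# prompt; a ValueError names the operand that does not match the reference.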

To delete a rule from a MAC extended ACL:
