Configuring a mac acl – Dell POWEREDGE M1000E User Manual
Page 564
564
Configuring Access Control Lists
Configuring a MAC ACL
Beginning in Privileged EXEC mode, use the following commands to create
an MAC ACL, configure rules for the ACL, and bind the ACL to an interface.
CTRL + Z
Exit to Privileged EXEC mode.
show ip access-lists
[
name]
Display all IPv4 access lists and all of the rules that are
defined for the IPv4 ACL. Use the optional
name
parameter to identify a specific IPv4 ACL to display.
Command
Purpose
configure
Enter global configuration mode.
mac access-list extended
name
Create a named MAC ACL. This command also enters
MAC Access List Configuration mode. If a MAC ACL
with this name already exists, this command enters the
mode to update the existing ACL.
{deny | permit}
{
srcmac srcmacmask |
any} {
dstmac
dstmacmask | any |
bpdu } [{
ethertypekey |
0x0600-0xFFFF }] [vlan
eq
0-4095 ] [cos 0-7]
[secondary-vlan eq
0-
4095 ] [secondary-cos
0-7] [log] [time-range
time-range-name]
[assign-queue
queue-id]
[{mirror |redirect}
interface ]
Specify the rules (match conditions) for the MAC access
list.
•
srcmac — Valid source MAC address in format
xxxx.xxxx.xxxx.
•
srcmacmask — Valid MAC address bitmask for the source
MAC address in format xxxx.xxxx.xxxx.
• any — Packets sent to or received from any MAC address
•
dstmac — Valid destination MAC address in format
xxxx.xxxx.xxxx.
•
destmacmask — Valid MAC address bitmask for the
destination MAC address in format xxxx.xxxx.xxxx.
• bpdu — Bridge protocol data unit
•
ethertypekey — Either a keyword or valid four-digit
hexadecimal number. (Range: Supported values are
appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast,
mplsucast, Netbios, novell, pppoe, rarp.)
•
0x0600-0xFFFF — Specify custom EtherType value
(hexadecimal range 0x0600-0xFFFF)
Command
Purpose