PLANET XGS3-24042 User Manual

Page 957

Advertising
background image

47-23

<dmac-mask> }} [untagged-eth2 [ethertype <protocol> [protocol-mask]]]

[no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }|{ <smac>

<smac-mask> }} {any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac>

<dmac-mask> }} [untagged-802-3]

[no]{deny|permit} {any-source-mac|{host-source-mac <host_smac> }|{ <smac>

<smac-mask> }} {any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac>

<dmac-mask> }} [tagged-eth2 [cos <cos-val> [ <cos-bitmask> ]] [vlanId <vid-value>

[ <vid-mask> ]] [ethertype <protocol> [ <protocol-mask> ]]]

[no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }|{ <smac>

<smac-mask> }} {any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac>

<dmac-mask> }} [tagged-802-3 [cos <cos-val> [ <cos-bitmask> ]] [vlanId <vid-value>

[ <vid-mask> ]]]

Functions:

Define an extended name MAC ACL rule, and no command deletes this extended name IP access

rule.

Parameters:

any-source-mac: any source of MAC address; any-destination-mac: any destination of MAC

address; host_smac, smac: source MAC address; smac-mask: mask (reverse mask) of source

MAC address; host_dmac, dmas destination MAC address; dmac-mask mask (reverse mask) of

destination MAC address; untagged-eth2 format of untagged ethernet II packet; tagged-eth2

format of tagged ethernet II packet; untagged-802-3 format of untagged ethernet 802.3 packet;

tagged-802-3 format of tagged ethernet 802.3 packet; cos-val: cos value, 0-7; cos-bitmask: cos

mask, 0-7reverse mask and mask bit is consecutive; vid-value: VLAN No, 1-4094; vid-bitmask:

VLAN mask, 0-4095, reverse mask and mask bit is consecutive; protocol: specific Ethernet

protocol No., 1536-65535; protocol-bitmask: protocol mask, 0-65535, reverse mask and mask bit

is consecutive.

Notice:

mask bit is consecutive means the effective bit must be consecutively effective from the first bit on

the left, no ineffective bit can be added through. For example: the reverse mask format of one byte

is: 00001111b; mask format is 11110000; and this is not permitted: 00010011.

Command Mode:

Name extended MAC access-list configuration mode

Default configuration:

No access-list configured.

Example:

The forward source MAC address is not permitted as 00-12-11-23-XX-XX of 802.3 data packet.

Switch(config)# mac-access-list extended macExt

Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff

Advertising
This manual is related to the following products:

XGS3-24242

Popular Brands
Popular manuals