Extended Mac Acl Commands; Deny - Dell C9000 Series Reference Manual

Networking command-line reference guide

Hide thumbs Also See for C9000 Series:

Table of Contents

Extended MAC ACL Commands

The following commands configure Extended MAC ACLs. The C9000 supports both Ingress and Egress MAC

When an access-list is created without any rule and then applied to an interface, ACL behavior reflects implicit

For more information, also refer to the

Common MAC Access List Commands

To drop packets that match the filter criteria, configure a filter.

C9000 Series

deny {any | host mac-address | mac-source-address mac-source-

address-mask} {any | host mac-address | mac-destination-address

mac-destination-address-mask} [ethertype-operator] [count [byte]]

[log [interval minutes] [threshold-in-msgs [count]] [monitor]

To remove this filter, you have two choices:

host mac-address

address-mask

mac-destination-

Use the no seq sequence-number command if you know the filter's sequence

Use the no deny {any | host mac-address | mac-source-address

mac-source-address-mask} {any | host mac-address | mac-

destination-address mac-destination-address-mask} command.

Enter the keyword any to drop all packets.

Enter the keyword host and then enter a MAC address to drop

packets with that host address.

Enter a MAC address in nn:nn:nn:nn:nn:nn format.

Specify which bits in the MAC address must match.

The MAC ACL supports an inverse mask; therefore, a mask of

ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of

00:00:00:00:00:00 only allows entries that match exactly.

Enter the destination MAC address and mask in

nn:nn:nn:nn:nn:nn format.

Commands Common to all ACL Types

Access Control Lists (ACL)

Table of Contents