Extended Mac Acl Commands; Deny - Dell S4810 Reference Manual

Version 7.5.1.0
Version 7.4.1.0
pre-Version
6.1.1.0
Usage
When you use the log option, the CP processor logs details about the packets that
Information
match. Depending on how many packets match the log entry and at what rate, the
CP may become busy as it has to log these packets' details.
Related

deny

Commands
permit

Extended MAC ACL Commands

When an access-list is created without any rule and then applied to an interface, ACL behavior reflects
implicit permit. The following commands configure Extended MAC ACLs.
The S4810 supports both Ingress and Egress MAC ACLs.
NOTE: For more information, also refer to the
MAC Access List Commands
deny
To drop packets that match the filter criteria, configure a filter.
S4810
Syntax
deny {any | host mac-address | mac-source-address mac-source-
address-mask} {any | host mac-address | mac-destination-address
mac-destination-address-mask} [ethertype-operator] [count
[byte]] [log] [monitor]
To remove this filter, you have two choices:
•
•
256
Introduced on the C-Series.
Added the monitor option.
Introduced on the E-Series.
NOTE: When ACL logging and byte counters are configured simultaneously,
byte counters may display an incorrect value. Configure packet counters with
logging instead.
— configures a filter to drop packets.
— configures a filter to forward packets.
sections.
Use the no seq sequence-number command if you know the filter's
sequence number.
Use the no deny {any | host mac-address | mac-source-address
mac-source-address-mask} {any | host mac-address | mac-
destination-address mac-destination-address-mask} command.
Commands Common to all ACL Types and Common
Access Control Lists (ACL)