212 ACL Commands
Syntax
{deny | permit} {
srcmac
srcmacmask
| any} {
dstmac dstmacmask
| any |
bpdu} [{
ethertypekey
|
0x0600-0xFFFF
}] [vlan eq
0-4095
] [cos
0-7
]
[secondary-vlan eq
0-4095
] [secondary-cos
0-7
] [log] [assign-queue
queue-
id
] [{mirror |redirect}
interface
]
•
srcmac
— Valid source MAC address in format xxxx.xxxx.xxxx.
•
srcmacmask
— Valid MAC address bitmask for the source MAC address in
format xxxx.xxxx.xxxx.
•
any
— Packets sent to or received from any MAC address
•
dstmac
— Valid destination MAC address in format xxxx.xxxx.xxxx.
•
destmacmask
— Valid MAC address bitmask for the destination MAC
address in format xxxx.xxxx.xxxx.
•
bpdu
— Bridge protocol data unit
•
ethertypekey
— Either a keyword or valid four-digit hexadecimal number.
(Range: Supported values are appletalk, arp, ibmsna, ipv4, ipv6, ipx,
mplsmcast, mplsucast, Netbios, novell, pppoe, rarp.)
•
0x0600-0xFFFF
— Specify custom ethertype value (hexadecimal range
0x0600-0xFFFF)
•
vlan eq
— VLAN number. (Range 0-4095)
•
cos
— Class of service. (Range 0-7)
• log — Specifies that this rule is to be logged.
•
assign-queue
— Specifies particular hardware queue for handling traffic
that matches the rule.
•
queue-id
— 0-6, where n is number of user configurable queues available
for that hardware platform.
• mirror — Copies the traffic matching this rule to the specified interface.
•
redirect
— Forwards traffic matching this rule to the specified physical
interface.
•
interface
— Valid physical interface in
unit/<port-type>port
format, for
example 1/g12.
