DGS-6604
m
permit | deny (mac access-list)
CLI Reference Guide
478
permit | deny (mac access-list)
Use the
permit
command to define the rule for packets to be based on their MAC
address. Use the
deny
command to define the rule for packets that are to be
denied. Use the
no permit
command to remove a permit entry, and use the
no
deny
command to remove a deny entry
.
{permit | deny}
{any |
host
SRC-MAC-ADDR
|
SRC-MAC-ADDR MASK
}
{any |
host
DST-MAC-
ADDR
|
DST-MAC-ADDR MASK
}
[ethernet-type
TYPE
| llc
dsap
DSAP
ssap
SSAP
cntl
CNTL
]
[dot1p
PRIORITY-TAG
]
[VLAN
VLAN-ID
]
[time-range
PROFILE-NAME
]
[priority
PRIORITY
]
no {permit | deny} {any | host
SRC-MAC-ADDR
|
SRC-MAC-ADDR MASK
} {any | host
DST-
MAC-ADDR
|
DST-MAC-ADDR MASK
}
[ethernet-type
TYPE
| llc dsap
DSAP
ssap
SSAP
cntl
CNTL
]
[dot1p
PRIORITY-TAG
]
[VLAN
VLAN-ID
]
[time-range]
Default
If the priority is not specified, the system assigns it with a priority value 10 or
greater than the largest sequence in that access list and it is placed at the end of
the list.
If the priority is manually assigned, it is better to have a reserved interval for a
future higher priority entry. Otherwise the system attempts to insert an entry with
a higher priority.
Syntax Description
any
Specifies any source MAC address or any destination MAC address.
host
SRC-MAC-ADDR
Specifies a specific source MAC address.
SRC-MAC-ADDR
MASK
Specifies a group of source MAC addresses using a mask.
host
DST-MAC-ADDR
Specifies a specific destination MAC address.
DST-MAC-ADDR
MASK
Specifies a group of destination MAC addresses by using mask.
ethernet-type
TYPE
(Optional) Specifies that the protocol type for the Ethernet II packet or a SNAP
packet by specifying the Ethernet type value which is a number from 0 to 65535.
llc dsap
DSAP
ssap
SSAP
cntl
CNTL
(Optional) Specifies the protocol type for the LLC packet by specifying the DSAP,
SSAP and CONTROL number which is a number from 0 to 255.
dot1p
PRIORITY-TAG
(Optional) Priority tag in value of 0~7.
VLAN
VLAN-ID
(Optional) Specifies the VLAN ID which a number from 1 to 4094.
time-range
PROFILE-
NAME
(Optional) Specifies the name of a time-period profile for activation of the
access-list.
With the no form of this command, this option, time-range (without
PROFILE-
NAME
), removes the setting of an active timer-period, rather than removing the
whole entry.
priority
PRIORITY
(Optional) Access entry priority range is 1 to 65535 where the lower value
represents higher priority for the sequence number. If no priority is specified, the
system automatically assigns it with a priority that is 10 greater than the largest
sequence in that access list and places it at the end of the list.