Korenix Technology Co., Ltd.
Industrial Layer 3 Managed Ethernet Switch User Manual
6.22.2.4 mac access-list
This command creates a new rule for the current MAC access list. Each rule is appended to the list of
configured rules for the list. Note that an implicit 'deny all' MAC rule always terminates the access list.
Note: The 'no' form of this command is not supported, as the rules within an ACL cannot be deleted
individually. Rather, the entire ACL must be deleted and re-specified.
A rule may either deny or permit traffic according to the specified classification fields. At a minimum, the
source and destination MAC value and mask pairs must be specified, each of which may be substituted
using the keyword any to indicate a match on any value in that field. The bpdu keyword may be specified
for the destination MAC value/mask pair indicating a well-known BPDU MAC value of 01-80-c2-xx-xx-xx
(hex), where 'xx' indicates a don't care. The remaining command parameters are all optional.
The Ethertype may be specified as either a keyword or a four-digit hexadecimal value in the range
0x0600-0xFFFF. The currently supported <ethertypekey> values are: appletalk, arp, ibmsna, ipv4, ipv6,
ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. Each of these translates into its equivalent
Ethertype value(s).
The vlan and cos parameters refer to the VLAN identifier and 802.1p user priority fields, respectively, of
the VLAN tag. For packets containing a double VLAN tag, this is the first (or outer) tag.
The assign-queue parameter allows specification of a particular hardware queue for handling traffic that
matches this rule. The allowed <queue-id> value is 0-(n-1), where n is the number of user configurable
queues available for the hardware platform.
The mirror parameter allows the traffic matching this rule to be copied to the specified <slot/port>, while
the redirect parameter allows the traffic matching this rule to be forwarded to the specified <slot/port>.
The assign-queue and redirect parameters are only valid for a 'permit' rule.
The time-range parameter allows imposing a time limitation on the MAC ACL rule as defined by the
parameter time-range-name. If a time range with the specified name does not exist and the MAC ACL
containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied
immediately. If a time range with the specified name exists and the MAC ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied when the time range with the
specified name becomes active. The ACL rule is removed when the time range with the specified name
becomes inactive.
Syntax
{del-rule-id | deny | permit} {{<srcmac> <srcmask>} | any} {{<dstmac> <dstmask>} | any | bpdu}
[<ethertypekey> | <0x0600-0xFFFF>] [vlan {eq <0-4095>}] [cos <0-7>] [log] [time-range
time-range-name] [assign-queue <queue-id>] [{mirror | redirect} <slot/port>] [<rule-id>]
Default Setting
None
Command Mode
Mac Access-list Config
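The first-match behaviour and the implicit 'deny all' described for this command, as an added Python model that is not part of the manual and is not Korenix code. The (value, care) pair representation, the helper names and the sample addresses are assumptions made for the example; the CLI's own mask format is not modelled.

```python
# Added illustration (not Korenix code): first-match evaluation of a MAC ACL.
# Pairs are (value, care); care bit 1 = compare. Model convention, not CLI masks.
ANY = (0x000000000000, 0x000000000000)    # keyword 'any': no bits compared
BPDU = (0x0180C2000000, 0xFFFFFF000000)   # keyword 'bpdu': 01-80-c2-xx-xx-xx
ETHERTYPE = {"arp": 0x0806, "ipv4": 0x0800, "ipv6": 0x86DD}  # subset of keywords
OPTIONAL = ("ethertype", "vlan", "cos")   # omitted in a rule = not checked

def mac(text):  # 'aa-bb-cc-dd-ee-ff' or colon-separated form -> integer
    return int(text.replace("-", "").replace(":", ""), 16)

def host(text):  # pair that matches exactly one MAC address
    return (mac(text), 0xFFFFFFFFFFFF)

def pair_matches(addr, pair):
    value, care = pair
    return (addr & care) == (value & care)

def rule_matches(rule, frame):
    # An untagged frame has no vlan/cos, so a rule naming them cannot match it.
    return (pair_matches(frame["src"], rule["src"])
            and pair_matches(frame["dst"], rule["dst"])
            and all(rule[k] == frame.get(k) for k in OPTIONAL if k in rule))

def evaluate(acl, frame):
    """Return (action, rule number); ('deny', None) is the implicit 'deny all'."""
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, frame):
            return rule["action"], number
    return "deny", None

def covers(early, late):
    """True if every frame matching 'late' also matches 'early'."""
    for side in ("src", "dst"):
        (ev, ec), (lv, lc) = early[side], late[side]
        if ec & ~lc or (ev ^ lv) & ec:
            return False
    return all(late.get(k) == early[k] for k in OPTIONAL if k in early)

def shadowed(acl):  # numbers of rules that an earlier rule fully covers
    return [j + 1 for j, late in enumerate(acl)
            if any(covers(early, late) for early in acl[:j])]

PLC = host("00-11-22-33-44-55")  # constructed sample address, not from the manual
ACL = [
    {"action": "permit", "src": ANY, "dst": BPDU},
    {"action": "deny", "src": PLC, "dst": ANY, "ethertype": ETHERTYPE["ipv4"]},
    {"action": "permit", "src": PLC, "dst": ANY},
    {"action": "permit", "src": PLC, "dst": ANY, "ethertype": ETHERTYPE["arp"]},
]
```

Because rules cannot be deleted individually, running a check such as shadowed() over a draft rule list before entering it avoids having to delete and re-specify the whole ACL.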