4.9 deny (MAC)
Use the deny command in MAC Access-list Configuration mode to set deny
conditions (ACEs) for a MAC ACL. Use the no form of the command to remove the
access control entry.
Syntax
deny {any | source source-wildcard} {any | destination destination-wildcard} [ace-priority priority] [{eth-type 0} | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [time-range time-range-name] [disable-port | log-input]
no deny {any | source source-wildcard} {any | destination destination-wildcard} [{eth-type 0} | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [time-range time-range-name] [disable-port | log-input]
Parameters
• source—Source MAC address of the packet.
• source-wildcard—Wildcard bits to be applied to the source MAC address. Use ones in the bit position that you want to be ignored.
• destination—Destination MAC address of the packet.
• destination-wildcard—Wildcard bits to be applied to the destination MAC address. Use 1s in the bit position that you want to be ignored.
• priority - Specify the priority of the access control entry (ACE) in the access control list (ACL). The value 1 represents the highest priority and 2147483647 represents the lowest priority. (Range: 1-2147483647)
• eth-type—The Ethernet type in hexadecimal format of the packet.
• vlan-id—The VLAN ID of the packet. (Range: 1–4094).
• cos—The Class of Service of the packet. (Range: 0–7).
• cos-wildcard—Wildcard bits to be applied to the CoS.
• time-range-name—Name of the time range that applies to this permit statement. (Range: 1–32)
• disable-port—The Ethernet interface is disabled if the condition is matched.
• log-input—Specifies sending an informational syslog message about the packet that matches the entry. Because forwarding/dropping is done in
OL-32830-01 Command Line Interface Reference Guide
ACL Commands
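The wildcard and ace-priority semantics from the parameter list, modelled in Python as an added example (not code from the Cisco guide or from the device). The names DenyAce, pair, wildcard_match and first_match are hypothetical, the ACEs are constructed sample data, and evaluating entries in ace-priority order with the first match deciding is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


def mac_to_int(mac: str) -> int:
    """Parse aa:bb:cc:dd:ee:ff into a 48-bit integer."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def pair(address: str, wildcard: str) -> Tuple[int, int]:
    return mac_to_int(address), mac_to_int(wildcard)


ANY = pair("00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff")  # every bit ignored


def wildcard_match(value: int, pattern: int, wildcard: int) -> bool:
    """True when value equals pattern on every bit where wildcard is 0."""
    return (value ^ pattern) & ~wildcard == 0


@dataclass(frozen=True)
class DenyAce:
    priority: int                           # ace-priority, 1 = highest
    src: Tuple[int, int] = ANY              # (source, source-wildcard)
    dst: Tuple[int, int] = ANY              # (destination, destination-wildcard)
    cos: Optional[Tuple[int, int]] = None   # (cos, cos-wildcard)

    def matches(self, src_mac: str, dst_mac: str, cos: int) -> bool:
        return (wildcard_match(mac_to_int(src_mac), *self.src)
                and wildcard_match(mac_to_int(dst_mac), *self.dst)
                and (self.cos is None or wildcard_match(cos, *self.cos)))


def first_match(aces, src_mac, dst_mac, cos=0):
    """Assumed evaluation order: lowest ace-priority number first."""
    for entry in sorted(aces, key=lambda a: a.priority):
        if entry.matches(src_mac, dst_mac, cos):
            return entry
    return None


# Constructed sample ACEs (not taken from the guide).
ACES = [
    DenyAce(40, src=pair("00:11:22:00:00:00", "00:00:00:ff:ff:ff")),  # prefix
    DenyAce(20, src=pair("00:11:22:33:44:01", "00:00:00:00:00:00")),  # one host
    DenyAce(60, cos=(4, 3)),  # cos-wildcard 011 ignores low bits: CoS 4-7
]
```

A wildcard of 00:00:00:ff:ff:ff compares only the first three octets, which is the inverse of a subnet-style mask; reading it the wrong way round produces an ACE that matches almost nothing or almost everything.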