Access Control Lists — MAC

acl-mac-create

This command is used to create Access Control Lists (ACLs) based on MAC addresses.

Syntax   acl-mac-show name name-string action permit|deny [src-mac mac-address] [src-mac-mask mac-address] [dst-mac mac-address] [dst-mac-mask mac-address] [ether-type ipv4|arp|wake|rarp|vlan|ipv6|mpls-uni|mpls-multi|jumbo|aoe|dot1X|lldp|ecp|macsec|ptp|fcoe|fcoe-init|qinq] [vnet vnet-name] [vlan vlan-id] [scope local|fabric] [port port-number]

name string

Specifies the name of the ACL.

action permit|deny

Specifies the permission of the ACL to be either permit or deny.

src-mac mac-address

Specifies the source MAC address of the ACL. The value can be any to match all MAC addresses

src-mac-mask mac-address

Specifies the source MAC address mask.

dst-mac mac-address

Specifies the destination MAC address of the ACL. The value can be any to match all MAC addresses.

dst-mac-mask mac-address

Specifies the destination MAC address mask.

ether-type ipv4|arp|wake|rarp|
vlan|ipv6|mpls-uni|
mpls-multi|jumbo|aoe|
dot1X|lldp|lacp|ecp|

macsec|ptp|fcoe|fcoe-init|qinq-old

Specifies the EtherType value.

vnet vnet-name

Specify the name of the VNET.

vlan vlan-id

Specifies the VLAN identifier.

scope local|fabric|cluster

Specifies the scope of the ACL.

port port-number

Specifies the switch port number.

Defaults   None

Access   CLI

History   

Version 1.2.1

Command introduced.

Version 2.4.1

The parameter, vnet, added.

Usage   MAC access control lists (ACLs) can be used to filter network traffic. This command creates a new ACL.

Examples  This example shows how to create a fabric-wide ACL named MyMacACL allowing IPv4 traffic from the host with the MAC address e0:f8:47:14:3c:2e to any host.

CLI network-admin@switch > mac-acl-create name MyMacACL action permit scope fabric src e0:f8:47:14:3c:2e dst any type ipv4

See Also   

acl-mac-delete

acl-mac-modify

acl-mac-show