acl-mac-create

This command is used to create Access Control Lists (ACLs) based on MAC addresses.

Syntax   acl-mac-create

name name-string

Specifies the name of the ACL.

action permit|deny

Specifies the permission of the ACL to be either permit or deny.

src-mac mac-address

Specifies the source MAC address of the ACL. The value can be any to match all MAC addresses.

src-mac-mask mac-address

Specifies the source MAC address mask.

dst-mac mac-address

Specifies the destination MAC address of the ACL. The value can be any to match all MAC addresses.

dst-mac-mask mac-address

Specifies the destination MAC address mask.

ether-type ipv4|arp|wake|rarp|vlan|ipv6|lacp|mpls-uni|mpls-multi|jumbo|dot1X|aoe|lldp|qinq|macsec|ecp|ptp|fcoe|fcoe-init|qinq-old

Specifies the EtherType value.

vnet vnet-name

Specify the name of the VNET.

bd bridge-domain name

Specify the bridge domain name assigned to the ACL.

vlan vlan-id

Specifies the VLAN identifier, a value between 0-4095.

scope local|fabric

Specifies the scope of the ACL.

port port-number

Specifies the switch port number.

Defaults   None

Access   CLI

History   

Version 1.2.1

Command introduced.

Version 2.4.1

The parameter, vnet, added.

Usage   MAC access control lists (ACLs) can be used to filter network traffic. This command creates a new ACL.

Examples  This example shows how to create a fabric-wide ACL named MyMacACL allowing IPv4 traffic from the host with the MAC address e0:f8:47:14:3c:2e to any host.

CLI network-admin@switch > acl-mac-create name MyMacACL action permit scope fabric src-mac e0:f8:47:14:3c:2e dst-mac any ether-type ipv4
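
The following Python check is an added example, not part of the vendor documentation: it lints an acl-mac-create line against the parameters and value sets listed above before the line is pushed to a switch. The function name, messages and sample lines are constructed for illustration, and treating port as a single decimal number is an assumption.

```python
import re

# Keyword sets copied from the acl-mac-create syntax on this page.
CHOICES = {
    "action": {"permit", "deny"},
    "scope": {"local", "fabric"},
    "ether-type": set("ipv4 arp wake rarp vlan ipv6 lacp mpls-uni mpls-multi jumbo "
                      "dot1X aoe lldp qinq macsec ecp ptp fcoe fcoe-init qinq-old".split()),
}
MAC_PARAMS = {"src-mac", "src-mac-mask", "dst-mac", "dst-mac-mask"}
ANY_ALLOWED = {"src-mac", "dst-mac"}   # the page allows "any" only for these two
FREE_TEXT = {"name", "vnet", "bd"}
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")

def lint_acl_mac_create(command):
    """Return a list of problems; an empty list means the line matches the syntax."""
    tokens = command.split()
    if not tokens or tokens[0] != "acl-mac-create":
        return ["command is not acl-mac-create"]
    args, problems, seen = tokens[1:], [], set()
    if len(args) % 2:
        problems.append(f"{args[-1]}: parameter has no value")
        args = args[:-1]
    for key, value in zip(args[::2], args[1::2]):
        if key in seen:
            problems.append(f"{key}: given more than once")
        seen.add(key)
        ok = True
        if key in CHOICES:
            ok = value in CHOICES[key]
        elif key in MAC_PARAMS:
            ok = bool(MAC_RE.fullmatch(value)) or (key in ANY_ALLOWED and value == "any")
        elif key == "vlan":
            ok = value.isdecimal() and int(value) <= 4095   # documented range 0-4095
        elif key == "port":   # assumption: one decimal number; the page gives no range
            ok = value.isdecimal()
        elif key not in FREE_TEXT:
            problems.append(f"{key}: not a documented parameter")
        if not ok:
            problems.append(f"{key}: invalid value {value!r}")
    return problems

# Constructed sample lines (not taken from a real switch).
GOOD = ("acl-mac-create name MyMacACL action permit scope fabric "
        "src-mac e0:f8:47:14:3c:2e dst-mac any ether-type ipv4")
BAD = ("acl-mac-create name MyMacACL action allow src-mac e0:f8:47:14:3c "
       "dst-mac-mask any vlan 4096 type ipv4")
```

Running the check in a change-review step catches a mistyped action or EtherType keyword before it reaches the device.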

acl-mac-delete

This command is used to delete an existing MAC ACL from the switch.

Syntax   acl-mac-delete name name-string id acl-id

name name-string

Specify the name of the ACL to delete.

id acl-id

Specify the ACL identifier. This is automatically generated by ONVL.

Defaults   None

Access   CLI

History   Command introduced in nvOS Version 1.2.1.

Usage   MAC access control lists (ACLs) can be used to filter network traffic. This command deletes an existing MAC ACL.

Examples  To delete the MAC ACL named MyMacACL, use the following command:

CLI network-admin@switch > acl-mac-delete name MyMacACL

acl-mac-modify

This command is used to modify Access Control Lists (ACLs) based on MAC addresses.

Syntax   acl-mac-modify name name-string 

name name-string

Specifies the name of the ACL.

id

Specifies the ID associated with the ACL.

Specify one or more of the following options:

action permit|deny

Specifies the permission of the ACL to be either permit or deny.

src-mac mac-address

Specifies the source MAC address of the ACL. The value can be any to match all MAC addresses.

src-mac-mask mac-address

Specifies the source MAC address mask.

dst-mac mac-address

Specifies the destination MAC address of the ACL. The value can be any to match all MAC addresses.

dst-mac-mask mac-address

Specifies the destination MAC address mask.

ether-type ipv4|arp|wake|rarp|vlan|ipv6|mpls-uni|mpls-multi|jumbo|aoe|dot1X|lldp|lacp|ecp|macsec|ptp|fcoe|fcoe-init|qinq-old

Specifies the EtherType value.

vnet vnet-name

Specify the name of the VNET.

bd bridge-domain name

Specifies the bridge domain name assigned to the ACL.

vlan vlan-id

Specifies the VLAN identifier.

scope local|fabric|cluster

Specifies the scope of the ACL.

port port-number

Specifies the switch port number.

Defaults   None

Access   CLI

History   

Version 1.2.1

Command introduced.

Version 2.4.1

The parameter, vnet, added.

Version 2.5.2

The parameter, scope local|fabric|cluster, deprecated.

Usage   MAC access control lists (ACLs) can be used to filter network traffic. This command modifies an existing ACL.

Examples  This example shows how to modify a fabric-wide ACL named MyMacACL allowing IPv4 traffic from the host with the MAC address e0:f8:47:14:3c:2e to any host.

CLI network-admin@switch > acl-mac-modify name MyMacACL action permit scope fabric src-mac e0:f8:47:14:3c:2e dst-mac any ether-type ipv4

acl-mac-show

Displays information about the ACLs using MAC addresses as a parameter.

Syntax   acl-mac-show

name name-string

Specifies the name of the ACL.

id

Specifies the ID generated by ONVL.

action permit|deny

Specifies the permission of the ACL to be either permit or deny.

src-mac mac-address

Specifies the source MAC address of the ACL. The value can be any to match all MAC addresses.

src-mac-mask mac-address

Specifies the source MAC address mask.

dst-mac mac-address

Specifies the destination MAC address of the ACL. The value can be any to match all MAC addresses.

dst-mac-mask mac-address

Specifies the destination MAC address mask.

ether-type ipv4|arp|wake|rarp|vlan|ipv6|mpls-uni|mpls-multi|jumbo|aoe|dot1X|lldp|lacp|ecp|macsec|ptp|fcoe|fcoe-init|qinq-old

Specifies the EtherType value.

vnet vnet-name

Specify the name of the VNET.

bd bridge-domain name

Specify the bridge domain name assigned to the ACL.

vlan vlan-id

Specifies the VLAN identifier, a value between 0-4095.

scope local|fabric

Specifies the scope of the ACL.

port port-number

Specifies the switch port number.

Defaults   None

Access   CLI

History   

Version 1.2.1

Command introduced.

Version 2.4.1

The parameter, vnet, added.

Version 2.5.2

The parameter, cluster, deprecated.

Usage   MAC access control lists (ACLs) filter network traffic. This command displays a list of MAC ACLs.

Examples  This example shows how to list all MAC ACLs.

CLI network-admin@switch > acl-mac-show

name      id                 action  src                dst                type  vlan  scope  port
--------  -----------------  ------  -----------------  -----------------  ----  ----  -----  ----
MyMacACl  54147812341841957  deny    e0:f8:47:14:3c:2e  ff:ff:ff:ff:ff:ff  ipv4  0     local  0