acl-mac-create
This command is used to create Access Control Lists (ACLs) based on MAC addresses.
Syntax acl-mac-create
|
name name-string |
Specifies the name of the ACL. |
|
action permit|deny |
Specifies the permission of the ACL to be either permit or deny. |
|
src-mac mac-address |
Specifies the source MAC address of the ACL. The value can be any to match all MAC addresses |
|
src-mac-mask mac-address |
Specifies the source MAC address mask. |
|
dst-mac mac-address |
Specifies the destination MAC address of the ACL. The value can be any to match all MAC addresses. |
|
dst-mac-mask mac-address |
Specifies the destination MAC address mask. |
|
ether-type ipv4|arp|wake|rarp|vlan|ipv6|lacp|mpls-uni|mpls-multi|jumbo|dot1X|aoe|lldp|qinq|macsec|ecp| ptp|fcoe|fcoe-init|qinq-old |
Specifies the EtherType value. |
|
vnet vnet-name |
Specify the name of the VNET. |
|
bd bridge-domain name |
Specify the bridge domain name assigned to the ACL. |
|
vlan vlan-id |
Specifies the VLAN identifier, a value between 0-4095. |
|
scope local|fabric |
Specifies the scope of the ACL. |
|
port port-number |
Specifies the switch port number. |
Defaults None
Access CLI
History
|
Version 1.2.1 |
Command introduced. |
|
Version 2.4.1 |
The parameter, vnet, added. |
Usage MAC access control lists (ACLs) can be used to filter network traffic. This command creates a new ACL.
Examples This example shows how to create a fabric-wide ACL named MyMacACL allowing IPv4 traffic from the host with the MAC address e0:f8:47:14:3c:2e to any host.
CLI network-admin@switch > mac-acl-create name MyMacACL action permit scope fabric src e0:f8:47:14:3c:2e dst any type ipv4
acl-mac-delete
This command is used to delete an existing MAC ACL from the switch.
Syntax acl-mac-delete name name-string id acl-id
|
name string |
Specify the name of the ACL to delete. |
|
id acl-id |
Specify the ACL identifier. This is automatically generated by ONVL. |
Defaults None
Access CLI
History Command introduced in nvOS Version 1.2.1.
Usage MAC access control lists (ACLs) can be used to filter network traffic. This command deletes an existing MAC ACL.
Examples To delete the MAC ACL named MyMacACL, use the following command:
CLI network-admin@switch > acl-mac-delete name MyMacACL
acl-mac-modify
This command is used to modify Access Control Lists (ACLs) based on MAC addresses.
Syntax acl-mac-modify name name-string
Defaults
|
name name string |
Specifies the name of the ACL. |
|
id |
Specifies the ID associated with the ACL. |
|
Specify one or more of the following options: |
|
|
action permit|deny |
Specifies the permission of the ACL to be either permit or deny. |
|
src-mac mac-address |
Specifies the source MAC address of the ACL. The value can be any to match all MAC addresses |
|
src-mac-mask mac-address |
Specifies the source MAC address mask. |
|
dst-mac mac-address |
Specifies the destination MAC address of the ACL. The value can be any to match all MAC addresses. |
|
dst-mac-mask mac-address |
Specifies the destination MAC address mask. |
|
ether-type ipv4|arp|wake|rarp|vlan|ipv6|mpls-uni|mpls-multi|jumbo|aoe|dot1X|lldp|lacp|ecp|macsec|ptp|fcoe|fcoe-init|qinq-old |
Specifies the EtherType value. |
|
vnet vnet-name |
Specify the name of the VNET. |
|
bd bridge-domain name |
Specifies the bridge domain name assigned to the ACL |
|
vlan vlan-id |
Specifies the VLAN identifier. |
|
scope local|fabric|cluster |
Specifies the scope of the ACL. |
|
port port-number |
Specifies the switch port number. |
Defaults None
Access CLI
History
|
Version 1.2.1 |
Command introduced. |
|
Version 2.4.1 |
The parameter, vnet, added. |
|
Version 2.5.2 |
The parameter, scope local|fabric|cluster,deprecated. |
Usage MAC access control lists (ACLs) can be used to filter network traffic. This command modifies a new ACL.
Examples This example shows how to modify a fabric-wide ACL named MyMacACL allowing IPv4 traffic from the host with the MAC address e0:f8:47:14:3c:2e to any host.
CLI network-admin@switch > mac-acl-modify name MyMacACL action permit scope fabric src e0:f8:47:14:3c:2e dst any type ipv4
acl-mac-show
Displays information about the ACLs using MAC addresses as a parameter.
Syntax acl-mac-show
|
name name-string |
Specifies the name of the ACL. |
|
id |
Specifies the ID generated by ONVL. |
|
action permit|deny |
Specifies the permission of the ACL to be either permit or deny. |
|
src-mac mac-address |
Specifies the source MAC address of the ACL. The value can be any to match all MAC addresses |
|
src-mac-mask mac-address |
Specifies the source MAC address mask. |
|
dst-mac mac-address |
Specifies the destination MAC address of the ACL. The value can be any to match all MAC addresses. |
|
dst-mac-mask mac-address |
Specifies the destination MAC address mask. |
|
ether-type ipv4|arp|wake|rarp|vlan|ipv6|mpls-uni|mpls-multi|jumbo|aoe|dot1X|lldp|lacp|ecp|macsec|ptp|fcoe|fcoe-init||qinq-old |
Specifies the EtherType value. |
|
vnet vnet-name |
Specify the name of the VNET. |
|
bd bridge-domain name |
Specify the bridge domain name assigned to the ACL. |
|
vlan vlan-id |
Specifies the VLAN identifier, a value between 0-4095. |
|
scope local|fabric |
Specifies the scope of the ACL. |
|
port port-number |
Specifies the switch port number. |
Defaults None
Access CLI
History
|
Version 1.2.1 |
Command introduced. |
|
Version 2.4.1 |
The parameter, vnet, added. |
|
Version 2.5.2 |
The parameter, cluster,deprecated. |
Usage MAC access control lists (ACLs) filter network traffic. This command displays a list of MAC ACLs.
Examples This example shows how to list all MAC ACLs.
CLI network-admin@switch > acl-mac-show
name id action src dst type vlan scope port
-------- --------------- ------ ----------------- -------------------- ----- ----- ----
MyMacACl 54147812341841957 deny e0:f8:47:14:3c:2e ff:ff:ff:ff:ff:ffipv4 0 local 0