CLI (Command Line Interface)

 

 

MAC ACL Commands (Cont.)

 

 

 

Command

Function

 

 

mask (Cont.)

Example - This example creates an Egress MAC ACL:

 

Console(config)#access-list mac M5

 

Console(config-mac-acl)#deny tagged-802.3 host 00-11-11-11-11-11 any

 

Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-

 

ff-ff any vid 3 ethertype 0806

 

Console(config-mac-acl)#end

 

Console#show access-list

 

MAC access-list M5:

 

deny tagged-802.3 host 00-11-11-11-11-11 any

 

deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806

 

Console(config)#access-list mac mask-precedence out

 

Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid

 

Console(config-mac-mask-acl)#exit

 

Console(config)#interface ethernet 1/5

 

Console(config-if)#mac access-group M5 out

 

Console(config-if)#end

 

Console#show access-list

 

MAC access-list M5:

 

deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806

 

deny tagged-802.3 host 00-11-11-11-11-11 any

 

MAC ingress mask ACL:

 

mask pktformat host any vid ethertype

 

Console#

 

 

show access-list mac mask-

Syntax:

precedence

show access-list mac mask-precedence [in out]

This command shows the ingress

• in – Ingress mask precedence for ingress ACLs.

or egress rule masks for MAC

• out – Egress mask precedence for egress ACLs.

ACLs.

Command Mode: Privileged Exec

 

 

Example:

 

Console#show access-list mac mask-precedence

 

MAC egress mask ACL:

 

mask pktformat host any vid ethertype

 

Console#

 

 

permit offset, deny offset

Syntax:

(MAC ACL)

{permit deny} offset offset_value length bitmask data

Use this command to add a rule

no {permit deny} offset offset_value length bitmask data

• offset_value – Byte offset from the beginning of the frame.

to a MAC ACL. The rule fliters

• length – Length of the data pattern to match.

packets matching the specified

• bitmask – Decimal number representing the data bits to match.

data pattern starting at the offset.

Use the no form to remove a rule.

• data – Data to match, entered as a sequence of hexadecimal letters with

 

no separators.

 

Default Setting: None

 

Command Mode: MAC ACL

 

Command Usage: This command is used to filter frames that match a

 

specified pattern, and can be used to filter traffic associated with precisely

 

defined events.

 

The bitmask is a decimal number (representing an equivalent bit mask)

 

that is applied to the data. Enter a decimal number, where the equivalent

 

binary bit “1” means to match a bit and “0” means to ignore a bit.

 

Packet filtering based on arbitrary offsets and data patterns can adversely

 

affect switch throughput. Try to avoid using packet

 

filtering based on pattern matching unless this is absolutely necessary to

 

solve a specific problem.

 

Example:

 

This example shows how to filter any Ethernet II packets directed to the IP

 

address 10.1.0.23 that have the Don’t Fragment flag set.

 

Console(config)#access-list mac jerry

 

Console(config-mac-acl)#permit offset ???

 

 

NXA-ENET24 - Software Management Guide

221

 

 

Page 241
Image 241
AMX NXA-ENET24 manual Show access-list mac mask Syntax Precedence, Permit offset, deny offset Syntax

NXA-ENET24 specifications

The AMX NXA-ENET24 is a versatile and powerful networked control interface designed to meet the growing demands of modern AV systems. This network switch offers an exceptional combination of reliability, performance, and scalability, making it an ideal choice for professional environments such as conference rooms, educational facilities, and control rooms.

One of the key features of the NXA-ENET24 is its 24-port configuration, allowing for extensive connectivity options. Each port supports 10/100/1000 Mbps speeds, ensuring that high bandwidth applications are handled with ease. Additionally, the switch incorporates advanced auto-negotiation technology, which automatically configures the optimal speed and duplex mode for connected devices. This ensures seamless connectivity and minimizes the risk of network disruptions.

The NXA-ENET24 is designed with advanced management capabilities, including support for VLANs, which helps to segment network traffic for enhanced security and performance. Network administrators can easily create virtual local area networks to optimize traffic flow and reduce congestion. This feature is particularly beneficial in environments where multiple AV systems operate concurrently.

Another significant characteristic of the NXA-ENET24 is its support for Power over Ethernet, or PoE. This feature enables the switch to deliver electrical power alongside data through the network cables. As a result, devices such as IP cameras, VoIP phones, and wireless access points can be powered directly from the switch, simplifying deployment and reducing the need for additional power sources.

Monitoring and management of the switch are made easier through a user-friendly interface. The NXA-ENET24 supports SNMP for network management, allowing users to monitor performance metrics, configure settings, and receive alerts in case of issues. This level of oversight is crucial for maintaining the stability of AV systems in mission-critical applications.

Durability is another hallmark of the NXA-ENET24 design. The switch features a robust chassis that is engineered to withstand the rigors of professional use. With cooling mechanisms in place and a fanless design, the NXA-ENET24 operates quietly and efficiently, making it suitable for environments where noise is a concern.

In conclusion, the AMX NXA-ENET24 is a powerful, reliable, and feature-rich network switch that effectively supports modern AV applications. With its extensive connectivity options, advanced management capabilities, PoE support, and durable design, it is an excellent choice for integrators and organizations looking to optimize their network infrastructure.