Brocade Communications Systems 53-1001762-01 permit (extended ACLs)

116 Converged Enhanced Ethernet Command Reference

53-1001762-01

permit (extended ACLs)

DRAFT: BROCADE CONFIDENTIAL

permit (extended ACLs)

Configures a MAC address rule to permit traffic based on the source and destination MAC

addresses.

Synopsis permit {any | host MAC _ACL| MAC_ACL} {any | host MAC _ACL| MAC _ACL} [EtherType | arp |

fcoe | ipv4] [count]

no permit {any | host MAC _ACL| MAC_ACL} {any | host MAC _ACL| MAC _ACL} [EtherType | arp |

fcoe| ipv4]

Operands any Specifies any source MAC address.

host MAC_ACL Specifies the source host MAC address for which to set permit conditions.

Use the format HHHH.HHHH.HHHH.

MAC_ACL Specifies the source host MAC address for which to set permit conditions.

Use the format HHHH.HHHH.HHHH.

any Specifies any destination MAC address.

host MAC_ACL Specifies the destination host address for which to set permit conditions. Use

the format HHHH.HHHH.HHHH.

MAC_ACL Specifies the destination host address for which to set permit conditions. Use

the format HHHH.HHHH.HHHH.

Ethertype Specifies the protocol number for which to set the permit conditions. The

range of valid values is 1536-65535.

arp Specifies to permit the Address Resolution Protocol (0x0806).

fcoe Specifies to permit the Fibre Channel over Ethernet Protocol (0x8906).

ipv4 Specifies to permit the IPv4 protocol (0x0800).

count Enables counting of the packets matching the filter rule.

Defaults By default, no MAC ACLs are configured.

Command

Modes

Feature Access Control List Configuration mode

Description Use this command to configure rules to match and to permit traffic based on the source and

destination MAC addresses, and the protocol type. You can also enable counters for a specific rule.

There are 255 ACL counters supported per port group. Use the no permit command to remove a

rule from the MAC ACL.

Usage

Guidelines

The first set of {any | host MAC_ACL | MAC_ACL} parameters is specific to the source MAC

address. The second set of {any | host MAC_ACL | MAC_ACL} parameters is specific to the

destination MAC address.

Example To create a rule in a MAC extended ACL to permit IPv4 traffic from the source MAC address

0022.3333.4444 to the destination MAC address 0022.3333.5555 and to enable the counting of

packets:

switch(conf-macl-ext)#permit 0022.3333.4444 0022.3333.5555 ipv4 count