286 Configuring Switch Information
Configuring MAC Based ACLs with CLI Commands
The following table summarizes the equivalent CLI commands for configuring MAC Based ACLs.
Defining ACL Binding
When an ACL is bound to an interface, all the ACE rules that have been defined are applied to the
selected interface. Whenever an ACL is assigned on a port, LAG, or VLAN, flows from that ingress
interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets.
To bind ACLs to interfaces:
1. Open the Network Security - ACL Bindings page, click Switch > Network Security > ACL Bindings.
Figure 7-13. Network Security - ACL Binding
2. In the Select an ACL field, select an IP Based or MAC Based ACL.
Table 7-6. MAC Based ACL CLI Commands

CLI Command:
  mac access-list access-list-name
  no mac access-list access-list-name
Description:
  To define a Layer 2 access list and to place the device in MAC access list
  configuration mode, use the mac access-list command in global configuration
  mode. To remove the access list, use the no form of this command.

CLI Command:
  permit {any|{source source-wildcard} {any|{destination destination-wildcard}}
  [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type] [inner-vlan vlan-id]
Description:
  To set permit conditions for a MAC access list, use the permit command in
  MAC access list configuration mode.

CLI Command:
  deny [disable-port] {any|{source source-wildcard} {any|{destination destination-wildcard}}
  [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type] [inner-vlan vlan-id]
Description:
  To set deny conditions for a MAC access list, use the deny command in
  MAC access list configuration mode.