Configuring MAC Based ACLs with CLI Commands

The following table summarizes the equivalent CLI commands for configuring MAC Based ACLs.

Table 7-6. MAC Based ACL CLI Commands

CLI Command

Description

 

 

mac access-list access-list-name

To define a Layer 2 access list and to place the device in

no mac access-list access-list-name

MAC access list configuration mode, use the mac

access-list command in global configuration mode. To

 

 

remove the access list, use the no form of this command.

 

 

permit {any{source source- wildcard} {any{

To set permit conditions for an MAC access list,

destination destination- wildcard}} [vlan vlan-id] [cos

use the permit command in MAC access list

cos cos-wildcard] [ethtype eth-type][inner-vlanvlan-id]

configuration mode.

 

 

deny [disable-port] {any{source source- wildcard} {any{

To set deny conditions for an MAC access list, use the

destination destination- wildcard}} [vlan vlan-id] [cos cos

deny command in MAC access list configuration mode.

cos-wildcard] [ethtype eth-type][inner-vlanvlan-id]

 

 

 

Defining ACL Binding

When an ACL is bound to an interface, all the ACE rules that have been defined are applied to the selected interface.Whenever an ACL is assigned on a port, LAG or, VLAN, flows from that ingress interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets.

To bind ACLs to interfaces:

1Open the Network Security - ACL Bindings page, click Switch Network Security ACL Bindings.

Figure 7-13. Network Security - ACL Binding

2In the Select an ACL field, select an IP Based or MAC Based ACL.

286

Configuring Switch Information

Page 286
Image 286
Dell 3548 manual Defining ACL Binding, Network Security ACL Binding