Syntax

mac access-list extended rename <name> <newname>

<name> - Old name which uniquely identifies the MAC access list. <newname> - New name which uniquely identifies the MAC access list.

Default Setting

None

Command Mode

Global Config

5.13.2.3mac access-list

This command creates a new rule for the current MAC access list. Each rule is appended to the list of configured rules for the list. Note that an implicit 'deny all' MAC rule always terminates the access list. Note: The 'no' form of this command is not supported, as the rules within an ACL cannot be deleted individually. Rather, the entire ACL must be deleted and re-specified.

A rule may either deny or permit traffic according to the specified classification fields. At a minimum, the source and destination MAC value and mask pairs must be specified, each of which may be substituted using the keyword any to indicate a match on any value in that field. The bpdu keyword may be specified for the destination MAC value/mask pair indicating a well-known BPDU MAC value of 01-80-c2-xx-xx-xx (hex), where 'xx' indicates a don't care. The remaining command parameters are all optional. The Ethertype may be specified as either a keyword or a four-digit hexadecimal value from 0x0600-0xFFFF. The currently supported <ethertypekey> values are: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. Each of these translates into its equivalent Ethertype value(s). The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed <queue-id> value is 0-(n-1), where n is the number of user configurable queues available for the hardware platform. The redirect parameter allows the traffic matching this rule to be forwarded to the specified <slot/port>. The assign-queue and redirect parameters are only valid for a 'permit' rule.

Syntax

{denypermit} {{<srcmac> <srcmacmask} any} {{<dstmac> <dstmacmask>} any bpdu} [<ethertypekey> <0x0600-0xFFFF>] [vlan {eq <1-3965>}] [cos <0-7>] [assign-queue <0-6>] [redirect <slot/port>]

285

Page 285
Image 285
Fortinet MR1 manual Syntax Mac access-list extended rename name newname