Use this command to replace an L2 ACL entry with a remark, permit or deny entry.
| Parameter | Description |
| --- | --- |
| entry | Specify the entry to be replaced with the rule defined by this command. |
| remark text | Specify a text remark that will replace the specified entry. Valid values: Up to 64 characters within double quotes (""). |
| deny \| permit | Specifies a deny or permit entry for this replacement entry. |
| any | Specifies that any source MAC address and optionally any destination MAC address is applied to this permit or deny rule entry. |
| host source-macAddr | Specifies a host source MAC address in the formats x:x:x:x:x:x or H.H.H to apply to this permit or deny rule entry. |
| source-macAddr source-wildcard | Specifies a source MAC address and mask to apply to this permit or deny rule entry, in the formats x:x:x:x:x:x or H.H.H. |
| host destination-macAddr | (Optional) Specifies a host destination MAC address in the formats x:x:x:x:x:x or H.H.H to apply to this permit or deny rule entry. |
| destination-macAddr destination-wildcard | (Optional) Specifies a destination MAC address and mask to apply to this permit or deny rule entry, in the formats x:x:x:x:x:x or H.H.H. |
| dei | (Optional) Specifies that the drop eligibility indicator in the VLAN tag is applied to this permit or deny rule entry. |
| cos cos | (Optional) Specifies that the indicated class of service value is applied to this permit or deny rule entry. |
| vlan vlan | (Optional) Specifies that the indicated VLAN identifier in the VLAN tag is applied to this permit rule entry or specifies the low end of a range of VLANs to apply to this permit or deny rule entry. |
| vidhi | (Optional) Specifies the high end of a range of VLAN identifiers in the VLAN tag to apply to this permit or deny rule entry. |
| ethertype data | (Optional) Specifies the Ethernet II type (0x0 - 0xFFFF) to apply to this permit or deny rule entry. |
| log \| log-verbose | (Optional) Enables syslog or verbose syslog messaging for an ACL rule hit. |
Configuration command, L2 ACL configuration mode.
ACL logging is throttled to 1 log message per second. If there are multiple ACL rules with logging enabled (log or log-verbose), and more than one frame is transmitted per second that can hit those rules, only the first frame will generate a message. Logging is sampled: it does not report every hit on a rule with logging enabled.
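The following added illustration (not part of the vendor documentation) models the throttle described above to show why ACL log messages are a lower bound on rule hits, and why a logging rule can be hit without ever producing a message. It assumes a single throttle shared by all logging rules, modelled as a one-second minimum gap between messages; the timestamps and rule sequence numbers are constructed.

```python
from collections import Counter

THROTTLE_SECONDS = 1.0  # from the page: 1 log message per second


def throttled_log(hits, interval=THROTTLE_SECONDS):
    """Return the hits that would produce a syslog message.

    hits: list of (timestamp_seconds, rule_sequence), sorted by time.
    Assumption: one throttle shared by every rule with log/log-verbose,
    modelled as a minimum gap of `interval` seconds after each message.
    """
    emitted = []
    last = None
    for ts, seq in hits:
        if last is None or ts - last >= interval:
            emitted.append((ts, seq))
            last = ts
    return emitted


def coverage(hits, interval=THROTTLE_SECONDS):
    """Map each rule sequence to (messages logged, actual hits)."""
    actual = Counter(seq for _, seq in hits)
    logged = Counter(seq for _, seq in throttled_log(hits, interval))
    return {seq: (logged.get(seq, 0), actual[seq]) for seq in sorted(actual)}


# Constructed sample: a burst on rule 5, with one hit on rule 9 inside it.
SAMPLE_HITS = [
    (0.00, 5), (0.10, 5), (0.20, 9), (0.90, 5),
    (1.05, 5), (1.50, 5), (2.45, 5),
]

if __name__ == "__main__":
    for seq, (logged, actual) in coverage(SAMPLE_HITS).items():
        print(f"rule {seq}: {logged} message(s) for {actual} hit(s)")
```

In this sample rule 9 is hit once and logs nothing, so the absence of a message for a rule is not evidence that no frame matched it.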
This example replaces the current entry at sequence 17 with the remark “I am a remark entry at sequence number 17” in the L2 ACL list1:
```
System(rw-config)->l2 access-list list1
System(rw-cfg-l2-acl)->replace 17 remark "I am a remark entry at sequence number 17"
```
This example enters configuration mode for the list1 L2 ACL and replaces the current entry at list sequence 5 with a permit entry for packets containing (verbose logging is enabled for the inserted entry):
```
System(rw-config)->l2 access-list list1
System(rw-cfg-l2-acl)->replace 5 permit any host 00:11:88:fd:8e:f0 vlan 11 13 ethertype 800 log-verbose
System(rw-cfg-l2-acl)->
```