Configuring an Ethernet ACE
Configure an Ethernet ACE to filter on Ethernet parameters.
You do not need to configure Ethertype for IPv6 filters. If you try to configure an Ethertype other than 0x86dd or IPv6 the device displays an error.
Before you begin
The ACL exists.
The ACE exists.
About this task
The eq and mask parameters specify an operator for a field match condition: equal to or mask. The mask operator is an implied eq on the mask bits.
Procedure
Variable definitions
Use the data in the following table to use the filter acl ace ethernet command.
Variable |
Value |
---|---|
<0-7> |
Specifies the priority bits (3-bit field) from the 802.1Q/p tag. |
<0–0x7> |
Specifies the mask value for VLAN tagged priority attribute. |
<0-0xFFF> |
Specifies the mask value for a VLAN attribute. For example: filter acl ace ethernet 10 10 vlan-id eq 10 filter acl ace ethernet 10 10 vlan-id mask 1025 0xF |
<ace-id> |
Specifies the ACE ID. Different hardware platforms support different ACE ID ranges. Use the CLI Help to see the available range for the switch. |
<acl-id> |
Specifies the ACL ID. Use the CLI Help to see the available range for the switch. |
<1-4059> |
Specifies the VLAN ID in the range of 1 to 4059. By default, VLAN IDs 1 to 4059 are configurable and the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1. |
{slot/port[/sub-port]} |
Identifies a single slot and port. If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port. |
WORD<1–200> |
Specifies an ether-type name or number:
|
WORD<1–1024> |
If the operator is mask, the WORD<1–1024> parameter is {“”|1..48 ,|mac address mask 0x0..FFFFFFFFFFFF}} If the operator is eq, the WORD<1–1024> parameter is the destination or source MAC address: AA:BB:CC:DD:EE:FF For example: filter acl ace ethernet 10 10 dst-mac eq 0x01:00:5:00:00:01 filter acl ace ethernet 10 10 dst-mac mask 0x01:00:5:00:00:01 24 filter acl ace ethernet 10 10 src-mac mask 0x01:00:5:00:00:01 0xFFFFFFFF0000 |