filter acl ace ethernet

Syntax

• default filter acl ace ethernet <acl-id> <ace-id>

• filter acl ace ethernet <acl-id> <ace-id> dst-mac eq WORD<1-1024>

• filter acl ace ethernet <acl-id> <ace-id> dst-mac mask WORD<1-1024> WORD<1-1024>

• filter acl ace ethernet <acl-id> <ace-id> ether-type eq WORD<1-200>

• filter acl ace ethernet <acl-id> <ace-id> port eq {slot/port[/sub-port]}

• filter acl ace ethernet <acl-id> <ace-id> src-mac eq WORD<1-1024>

• filter acl ace ethernet <acl-id> <ace-id> src-mac mask WORD<1-1024> WORD<1-1024>

• filter acl ace ethernet <acl-id> <ace-id> vlan-id eq <1-4059>

• filter acl ace ethernet <acl-id> <ace-id> vlan-id mask <1-4059> <0-0xFFF | 0x0-0x0>

• filter acl ace ethernet <acl-id> <ace-id> vlan-tag-prio eq <0-7>

• filter acl ace ethernet <acl-id> <ace-id> vlan-tag-prio mask <0-7> <0-0x7 | 0x0-0x0>

• no filter acl ace ethernet <acl-id> <ace-id>

• no filter acl ace ethernet <acl-id> <ace-id> dst-mac

• no filter acl ace ethernet <acl-id> <ace-id> ether-type

• no filter acl ace ethernet <acl-id> <ace-id> port

• no filter acl ace ethernet <acl-id> <ace-id> src-mac

• no filter acl ace ethernet <acl-id> <ace-id> vlan-id

• no filter acl ace ethernet <acl-id> <ace-id> vlan-tag-prio

Command Parameters

<ace-id>

Specifies the ACE ID. Different hardware platforms support different ACE ID ranges. Use the CLI Help to see the available range for the switch.

<acl-id>

Specifies the ACL ID. Use the CLI Help to see the available range for the switch.

dst-mac <eq|mask> WORD<1-1024>

The <eq|mask> parameter specifies an operator for a field match condition.

The WORD<1-1024> parameter specifies a list of destination MAC addresses separated by a comma or a range of MAC addresses specified from low to high; for example, [AA:BB:CC:DD:EE:FF].

ether-type <eq> WORD<1-200>

The <eq> parameter specifies an operator for a field match condition: equal to. The WORD<1-200> parameter specifies an ether-type name:

• ip

• arp

• ipx802dot3

• ipx802dot2

• ipxSnap

• ipxEthernet2

• appleTalk

• AppleTalk-Arp

• sna802dot2

• snaEthernet2

• netBios

• xns

• vines

• rarp

• PPPoE-discovery

• PPPoE-session

port eq {slot/port[/sub-port]}

Identifies a single slot and port. If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

src-mac <eq|mask> WORD<1-1024>

The <eq|mask> parameter specifies an operator for a field match condition: equal to.

The WORD<1-1024> parameter specifies a list of source MAC addresses separated by separated by a comma, or a range of MAC addresses specified from low to high; for example, [AA:BB:CC:DD:EE:FF].

vlan-id <eq|mask> <1-4059>

Specifies the VLAN ID in the range of 1 to 4059. By default, VLAN IDs 1 to 4059 are configurable and the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1.

vlan-tag-prio <eq|mask> <0-7>

The <eq|mask> parameter specifies an operator for a field match condition. The <0-7> parameter specifies a VLAN tag priority from 0-7 or undefined.

Default

None

Command Mode

Global Configuration