no (mac-acl)

Negates a command or sets its default

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

no [deny|disable|permit]
no [deny|permit] [<SOURCE-MAC> <SOURCE-MAC-MASK>|any|host <SOURCE-HOST-MAC>] 
[<DEST-MAC> <DEST-MAC-MASK>|any|host <DEST-HOST-MAC>] (dot1p <0-7>,type [8021q|<1-65535>|
aarp|appletalk|arp|ip|ipv6|ipx|mint|rarp|wisp],vlan <1-4095>) log (rule-precedence <1-5000>) 
{(rule-description <LINE>)}
         
no disable [deny|permit] <RULE-PARAMETERS>

Parameters

no [deny|permit] [<SOURCE-MAC> <SOURCE-MAC-MASK>|any|host <SOURCE-HOST-MAC>] 
[<DEST-MAC> <DEST-MAC-MASK>|any|host <DEST-HOST-MAC>] (dot1p <0-7>,type [8021q|<1-65535>|
aarp|appletalk|arp|ip|ipv6|ipx|mint|rarp|wisp],vlan <1-4095>) log (rule-precedence <1-5000>) 
{(rule-description <LINE>)}
         

no [deny|permit]

Removes a deny or permit rule from the MAC ACL

<SOURCE-MAC> <SOURCE-MAC-MASK>

Specify the source MAC address and mask

any

Select ‘any‘ if the rule is applicable to any source MAC address

host <SOURCE-HOST-MAC>

Specify the source host‘s exact MAC address.

<DEST-MAC> <DEST-MAC-MASK>

Specify the destination MAC address and mask

any

Identifies all devices as the destination to deny/permit access

host <DEST-HOST-MAC>

Specify the destination host‘s exact MAC address.

dotp1p <0-7>

Specify the 802.1p priority value from 0 -7.

type [8021q|<1-65535>| aarp|appletalk|arp|ip|ipv6|ipx|mint|rarp|wisp]

Specify the EtherType value.

vlan <1-4095>

Specify the VLAN ID.

log

Select log, if the rule has been configured to log records in case of a match.

mark [8021p <0-7>| dscp <0-63>]

This is specific to the MAC ACL permit rule. Marks packets that match the ACL rule

8021p <0-7> – Modifies 802.1p VLAN user priority from 0 - 7

dscp <0-63> – Modifies DSCP TOS bits in the IP header from 0 - 63

rule-precedence <1-5000>

Specify the rule precedence. The rule with the specified rule precedence is removed from the MAC ACL.

rule-description <LINE>

Optional. Provide the description configured for the rule.

no disable [deny|permit] <RULE-PARAMETERS>

no disable [deny|permit]

Removes a disabled deny or permit rule from the selected IP access list

<RULE-PARAMETERS>

Enter the exact parameters used when configuring the rule.

rule-precedence <1-5000> rule-description <LINE>}

Specify the precedence assigned to this disabled deny/permit rule.

  • rule-description – Optional. Specify the rule description.

Note: The system removes the disabled rule from the selected ACL.

Examples

<exsw1>(config-mac-acl-test)#show context
mac access-list test
 permit host 11-22-33-44-55-66 any log mark 8021p 3 rule-precedence 600
 permit host 22-33-44-55-66-77 host 11-22-33-44-55-66 type ip log rule-precedence 610
 deny any host 33-44-55-66-77-88 log rule-precedence 700
<exsw1>(config-mac-acl-test)#no deny any host 33-44-55-66-77-88 log rule-precedence 700
<exsw1>(config-mac-acl-test)#show context
mac access-list test
 permit host 11-22-33-44-55-66 any log mark 8021p 3 rule-precedence 600
 permit host 22-33-44-55-66-77 host 11-22-33-44-55-66 type ip log rule-precedence 610