permit

Creates a list of devices allowed access to the managed network. Devices are permitted access based on their MAC address. A single MAC address or a range of MAC addresses can be specified. This command also sets the precedence that determines the order in which permit list rules are applied. Up to a thousand (1000) permit rules can be defined for every association ACL policy. Each rule is assigned a unique sequential precedence value, and rules are applied to packets on the basis of this value. The lower a rule's precedence value, the higher its priority, so the rule with the lowest precedence value is applied first. No two rules can have the same precedence. The default precedence is 1, so be careful to prioritize ACLs accordingly as they are added.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

permit <STARTING-MAC> [<ENDING-MAC>|precedence]
permit <STARTING-MAC> precedence <1-1000>
permit <STARTING-MAC> <ENDING-MAC> precedence <1-1000>

Parameters

permit <STARTING-MAC> precedence <1-1000> 

permit

Adds a single device or a set of devices to the permit list

<STARTING-MAC>

To add a single device, enter its MAC address in the <STARTING-MAC> parameter.

precedence <1-1000>

Specifies a rule precedence. Rules are applied in an increasing order of their precedence value.

  • <1-1000> – Specify a value from 1 - 1000.

permit <STARTING-MAC> <ENDING-MAC> precedence <1-1000> 

permit

Adds a single device or a set of devices to the permit list. To add a set of devices, provide the MAC address range.

<STARTING-MAC>

Specify the first MAC address of the range.

<ENDING-MAC>

Specify the last MAC address of the range.

precedence <1-1000>

Specifies a rule precedence. Rules are applied in an increasing order of their precedence value.

  • <1-1000> – Specify a value from 1 - 1000.

Usage Guidelines

Every rule has a unique sequential precedence value. You cannot add two rules with the same precedence. Rules are checked in increasing order of precedence. That is, the rule with precedence 1 is checked first, then the rule with precedence 2, and so on.

Examples

nx9500-6C8809(config-assoc-acl-test)# permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
nx9500-6C8809(config-assoc-acl-test)# permit 11-22-33-44-67-01 precedence 180
nx9500-6C8809(config-assoc-acl-test)#show context
association-acl-policy test
 deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150
 deny 11-22-33-44-56-01 precedence 160
 permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
 permit 11-22-33-44-67-01 precedence 180
nx9500-6C8809(config-assoc-acl-test)#
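
The precedence behaviour can be checked offline before a policy is applied. The following Python is an added example, not vendor code: it parses the `show context` output above, enforces the 1-1000 range and unique precedence, evaluates a MAC address in increasing precedence order, and flags rules that can never match because an earlier rule covers their whole range. The function names, the first-match-decides behaviour and the `None` result for an unmatched MAC are assumptions of this example.

```python
import re

# Constructed sample: the policy shown by `show context` in the Examples section.
SAMPLE = """\
association-acl-policy test
 deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150
 deny 11-22-33-44-56-01 precedence 160
 permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
 permit 11-22-33-44-67-01 precedence 180
"""

MAC = r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"
RULE = re.compile(rf"^\s*(permit|deny)\s+({MAC})(?:\s+({MAC}))?\s+precedence\s+(\d+)\s*$")

def mac_to_int(mac):
    return int(mac.replace("-", ""), 16)

def parse_policy(text):
    """Return rules sorted by precedence; enforce the 1-1000 range and uniqueness."""
    rules, seen = [], set()
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # policy header, prompts, blank lines
        action, start, end, prec = m.groups()
        prec = int(prec)
        lo, hi = mac_to_int(start), mac_to_int(end or start)
        if not 1 <= prec <= 1000:
            raise ValueError(f"precedence {prec} outside 1-1000")
        if prec in seen:
            raise ValueError(f"duplicate precedence {prec}")
        if lo > hi:  # sanity check added in this example
            raise ValueError(f"range start after end: {line.strip()}")
        seen.add(prec)
        rules.append((prec, action, lo, hi))
    return sorted(rules)

def evaluate(rules, mac):
    """Assumption: the first matching rule in precedence order decides."""
    addr = mac_to_int(mac)
    for prec, action, lo, hi in rules:
        if lo <= addr <= hi:
            return action, prec
    return None  # no rule matched; the page does not state the default

def shadowed(rules):
    """Precedences of rules fully covered by an earlier (lower-value) rule."""
    return [p for i, (p, _, lo, hi) in enumerate(rules)
            if any(l2 <= lo and hi <= h2 for _, _, l2, h2 in rules[:i])]
```

A permit rule reported by `shadowed` sits behind an earlier rule that already matches every address it names, so it has no effect until the precedence values are reordered.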

Related Commands 

no

Removes a permit rule from this Association ACL Policy