Creates a list of devices allowed access to the managed network. Devices are permitted access based on their MAC address. A single MAC address or a range of MAC addresses can be specified. This command also sets the precedence that determines the order in which permit list rules are applied. Up to a thousand (1000) permit rules can be defined for every association ACL policy. Each rule is assigned a unique sequential precedence value, and rules are applied to packets on the basis of this precedence value. The lower a rule's precedence value, the higher its priority, so the rule with the lowest precedence value is applied first. No two rules can have the same precedence. The default precedence is 1, so be careful to prioritize ACLs accordingly as they are added.
permit <STARTING-MAC> [<ENDING-MAC>|precedence]
permit <STARTING-MAC> precedence <1-1000>
permit <STARTING-MAC> <ENDING-MAC> precedence <1-1000>
permit <STARTING-MAC> precedence <1-1000>
| permit | Adds a single device or a set of devices to the permit list |
| <STARTING-MAC> | To add a single device, enter its MAC address in the <STARTING-MAC> parameter. |
| precedence <1-1000> | Specifies a rule precedence. Rules are applied in an increasing order of their precedence value. |
permit <STARTING-MAC> <ENDING-MAC> precedence <1-1000>
| permit | Adds a single device or a set of devices to the permit list. To add a set of devices, provide the MAC address range. |
| <STARTING-MAC> | Specify the first MAC address of the range. |
| <ENDING-MAC> | Specify the last MAC address of the range. |
| precedence <1-1000> | Specifies a rule precedence. Rules are applied in an increasing order of their precedence value. |
Every rule has a unique sequential precedence value. You cannot add two rules with the same precedence. Rules are checked in increasing order of precedence: the rule with precedence 1 is checked first, then the rule with precedence 2, and so on.
nx9500-6C8809(config-assoc-acl-test)# permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
nx9500-6C8809(config-assoc-acl-test)# permit 11-22-33-44-67-01 precedence 180
nx9500-6C8809(config-assoc-acl-test)#show context
association-acl-policy test
 deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150
 deny 11-22-33-44-56-01 precedence 160
 permit 11-22-33-44-66-01 11-22-33-44-66-FF precedence 170
 permit 11-22-33-44-67-01 precedence 180
nx9500-6C8809(config-assoc-acl-test)#
| no | Removes a permit rule from this Association ACL Policy |