show fip snooping access-list

show fip snooping {vlan} vlan_name access-list {[fcf mac_addr | virtual-link mac_addr | all]}

Description

The command lists all the FCoE ACL (Access Control List)s meeting the criteria.

The list can be shortened by specifying the MAC of an FCF or the VN_Port MAC assigned to a virtual link in the VLAN (Virtual LAN). The ACL with higher priority appears first.

By default, the command lists all the ACLs installed by the VLAN. The example below shows the output of the command followed by the default ACLs installed when fip-snooping is enabled on the VLAN.

Syntax Description

fip

FCoE Initialization Protocol.

snooping

Snooping FIP frames.

vlan_name

Name of the VLAN for which the access-list is shown.

fcf

List FCoE access-lists matching the FCoE forwarder‘s MAC.

mac_addr

MAC address of the FCoE forwarder.

virtual-link

List FCoE access-lists matching FCoE virtual link‘s MAC.

mac_addr

MAC address assigned to a VN-Port in the form xx:xx:xx:xx:xx:xx where xx is a pair of hexadeximal digits.

all

All FCoE access-lists in the VLAN.

Default

N/A.

Usage Guidelines

The command lists all the FCoE ACLs meeting the criteria.

Example

# show fip snooping vlan v3

VLAN         : v3
FIP Snooping : Enabled
FCF Update   : Auto
FC-MAP       : 0e:fc:00:00:00:00

Port   Location
------ ---------------
1:1    Perimeter
1:2    FCF-to-Enode
1:3    Enode-to-FCF
1:4    All
----------------------
?
# show fip snooping vlan v3 access-list

VLAN  : v3

entry f424c0TffffS0efc00000000 { if match all {
    ethernet-type 0x0;
    ethernet-destination-address 0e:fc:00:00:00:00;
} then {
    deny ;
    do-not-learn ;
}}

entry f424c1T8914D011018010002 { if match all {
    ethernet-type 0x8914;
    ethernet-destination-address 01:10:18:01:00:02;
} then {
    permit ;
    mirror-cpu ;
}}

entry f424c2T8914D011018010001 { if match all {
    ethernet-type 0x8914;
    ethernet-destination-address 01:10:18:01:00:01;
} then {
    permit ;
    mirror-cpu ;
}}

entry f424c3T8906 { if match all {
    ethernet-type 0x8906;
} then {
    deny ;
    do-not-learn ;
}}

entry f424c3T8914 { if match all {
    ethernet-type 0x8914;
} then {
    deny ;
    do-not-learn ;
}}

Total number of ACL : 5
 

History

This command was first available in ExtremeXOS 15.1.

Platform Availability

This command is available on the Summit X770.