384 | ACL Commandsw w w . d e l l . c o m | s u p p o r t . d e l l . c o mMAC Access Control List (ACL) CommandsThe commands in this section are:• {deny|permit} on page 384• mac access-list extended on page 386• mac access-list extended rename on page 386• mac access-group on page 387• show mac access-lists on page 388{deny|permit}This command creates a new rule for the selected MAC access list. Each rule is appended to the list ofconfigured rules for the list. Note that an implicit “deny all” MAC rule always terminates the accesslist.Syntax {deny|permit} {srcmac | any} {dstmac} | any} [assign-queue queue-id_0-6] [cos 0-7][ethertypekey] [0x0600-0xFFFF] [redirect unit/slot/port] [vlan {eq 0-4095]Parameters deny | permit A rule may either deny or permit traffic according to the specifiedclassification fields. At a minimum, the source (srcmac | any) anddestination (dstmac} | any) MAC value and mask pairs must be specified,each of which may be substituted using the keyword any to indicate amatch on any value in that field. The BPDU keyword may be specified forthe destination MAC value/mask pair indicating a well-known BPDU MACvalue of 01-80-c2-xx-xx-xx (hex), where 'xx' indicates a don't care. Theremaining command parameters are all optional.assign-queue (Optional) The assign-queue parameter allows specification of aparticular hardware queue for handling traffic that matches this rule. Theallowed queue-id value is 0-(n-1), where n is the number of userconfigurable queues available for the hardware platform.ethertypekey (Optional) The Ethertype (ethertypekey) may be specified as either akeyword or a four-digit hexadecimal value from 0x0600 to 0xFFFF. Thecurrently supported ethertypekey keyword values are: appletalk, arp,ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios,novell, pppoe, rarp. Each of these translates into its equivalentEthertype value(s).redirect (Optional) The redirect parameter redirects traffic matching this rule tothe specified egress port. The redirected packet carries the same MACaddress as it would have if it had not been redirected (the MAC address ofthe next hop defined in the routing table). Basically, it looks like a mirroredpacket on the redirect port.The assign-queue and redirect parameters are only valid for apermit rule.Note: The special command form {deny|permit} any any is used to match all EthernetLayer 2 packets, and is the equivalent of the IP access list “match every” rule.