BigIron RX Series Configuration Guide, 53-1002253-01

• You cannot add remarks to a Layer 2 ACL clause.

Configuring Layer 2 ACLs

Configuring a Layer 2 ACL is similar to configuring standard and extended ACLs. Layer 2 ACL table IDs range from 400 to 499, for a maximum of 100 configurable Layer 2 ACL tables. Within each Layer 2 ACL table, you can configure from 64 (default) to 256 clauses. Each clause or entry can define a set of Layer 2 parameters for filtering. Once you have completely defined a Layer 2 ACL table, you must bind it to an interface for filtering to take effect.

The device evaluates traffic coming into the port against the ACL clauses in order. When a clause matches, the device takes the action specified for that clause, either forwarding or dropping the traffic, and does not evaluate the traffic against any subsequent clauses.

By default, traffic that does not match any clause in the ACL table is dropped. To override this behavior, place a "permit any any..." clause at the end of the table so that it matches and forwards all traffic not matched by the preceding clauses.

NOTE
Use caution when ordering entries within the ACL table. The Layer 2 ACL feature does not attempt to resolve conflicts between clauses and assumes you know what you are doing: because the first match wins, a broad clause placed before a narrower one makes the narrower clause unreachable.

Creating a Layer 2 ACL table

You create a Layer 2 ACL table by defining a Layer 2 ACL clause.

To create a Layer 2 ACL table, enter commands (clauses) such as the following at the Global CONFIG level of the CLI. You can add clauses to the ACL table at any time by entering the command with the same table ID and different MAC parameters.

BigIron RX(config)# access-list 400 deny any any any etype arp
BigIron RX(config)# access-list 400 deny any any any etype ipv6
BigIron RX(config)# access-list 400 permit any any 100

This configuration creates a Layer 2 ACL with an ID of 400. When applied to an interface, this Layer 2 ACL table denies all ARP and IPv6 traffic and permits all other traffic in VLAN 100. Traffic in any other VLAN that is neither ARP nor IPv6 matches no clause and is dropped by the default deny.

For more examples of valid Layer 2 ACL clauses, refer to "Example Layer 2 ACL clauses" on page 519.

Syntax: [no] access-list <num> permit | deny <src-mac> <mask> | any <dest-mac> <mask> | any [<vlan-id> | any [etype <etype-str>] [log-enable]]

The <num> parameter specifies the Layer 2 ACL table that the clause belongs to. The table ID can range from 400 to 499. You can define a total of 100 Layer 2 ACL tables.

The permit | deny argument determines the action to be taken when a match occurs.
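The evaluation rules above (clauses tried in order, first match wins, traffic matching no clause is dropped, and the device not checking for conflicting clauses) together with the clause syntax, as an added example that is not the guide's own code: a small Python evaluator that parses clauses in this syntax, applies a table to constructed frames, and reports clauses that an earlier clause makes unreachable. The MAC mask convention (f bits must match, 0 bits are wildcards), acceptance of a raw hexadecimal ethertype, the ethertype values for arp and ipv6, and the Clause/Frame names are assumptions made for the example, not statements from the guide.

```python
"""Added example (not the BigIron RX guide's code): evaluate frames against a
Layer 2 ACL table under the page's rules (first match wins, implicit deny, IDs
400-499, 256 clauses max). Assumed: MAC mask f bits must match, 0 = wildcard."""
import re
from typing import List, NamedTuple, Optional, Tuple

ETYPE_KEYWORDS = {"arp": 0x0806, "ipv6": 0x86DD}  # keywords used on the page
MacSpec = Optional[Tuple[int, int]]  # (addr, mask); None = "any" (vlan/etype None likewise)
Clause = NamedTuple("Clause", [("table", int), ("action", str), ("src", MacSpec),
                               ("dst", MacSpec), ("vlan", Optional[int]),
                               ("etype", Optional[int]), ("log", bool), ("text", str)])
Frame = NamedTuple("Frame", [("src", str), ("dst", str), ("vlan", int), ("etype", int)])

def mac_to_int(mac: str) -> int:
    digits = re.sub(r"[.:-]", "", mac)  # accepts 0000.1111.2222 or 00:00:11:11:22:22
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def parse_clause(line: str) -> Clause:
    """Parse one clause in the page's syntax: access-list <num> permit|deny
    <src> <mask>|any <dst> <mask>|any [<vlan-id>|any [etype <str>] [log-enable]]"""
    toks = line.split()
    if len(toks) < 5 or toks[0] != "access-list" or toks[2] not in ("permit", "deny"):
        raise ValueError(f"not a Layer 2 ACL clause: {line!r}")
    if not 400 <= int(toks[1]) <= 499:
        raise ValueError("Layer 2 ACL table IDs range from 400 to 499")
    i = 3

    def take_mac() -> MacSpec:  # consumes "any" or "<mac> <mask>"
        nonlocal i
        if i >= len(toks) or (toks[i] != "any" and i + 1 >= len(toks)):
            raise ValueError(f"incomplete MAC field in clause: {line!r}")
        if toks[i] == "any":
            i += 1
            return None
        i += 2
        return mac_to_int(toks[i - 2]), mac_to_int(toks[i - 1])

    src, dst = take_mac(), take_mac()
    vlan, etype, log = None, None, False
    if i < len(toks) and toks[i] not in ("etype", "log-enable"):
        vlan = None if toks[i] == "any" else int(toks[i])
        i += 1
    if i + 1 < len(toks) and toks[i] == "etype":
        name = toks[i + 1].lower()  # keyword from the page, else hex (assumption)
        etype = ETYPE_KEYWORDS[name] if name in ETYPE_KEYWORDS else int(name, 16)
        i += 2
    if i < len(toks) and toks[i] == "log-enable":
        log, i = True, i + 1
    if i != len(toks):
        raise ValueError(f"unexpected tokens in clause: {toks[i:]}")
    return Clause(int(toks[1]), toks[2], src, dst, vlan, etype, log, line)

def build_table(lines: List[str]) -> List[Clause]:
    clauses = [parse_clause(ln) for ln in lines]
    if len({c.table for c in clauses}) != 1 or len(clauses) > 256:
        raise ValueError("clauses must share one table ID; 256 clauses max")
    return clauses

def clause_matches(c: Clause, f: Frame) -> bool:
    def mac_ok(spec: MacSpec, mac: str) -> bool:
        return spec is None or (mac_to_int(mac) & spec[1]) == (spec[0] & spec[1])
    return (mac_ok(c.src, f.src) and mac_ok(c.dst, f.dst)
            and c.vlan in (None, f.vlan) and c.etype in (None, f.etype))

def evaluate(table: List[Clause], frame: Frame) -> Tuple[str, Optional[Clause]]:
    """First matching clause decides; a frame that matches nothing is dropped."""
    for c in table:
        if clause_matches(c, frame):
            return c.action, c
    return "deny", None

def shadowed_clauses(table: List[Clause]) -> List[Tuple[Clause, Clause]]:
    """(unreachable, shadowing) pairs; the device itself does not warn about these."""
    def covers(a: MacSpec, b: MacSpec) -> bool:  # a's match set includes b's
        if a is None or b is None:
            return a is None
        return (a[1] & ~b[1]) == 0 and (a[0] & a[1]) == (b[0] & a[1])
    out = []
    for j, later in enumerate(table):
        for earlier in table[:j]:
            if (covers(earlier.src, later.src) and covers(earlier.dst, later.dst)
                    and earlier.vlan in (None, later.vlan)
                    and earlier.etype in (None, later.etype)):
                out.append((later, earlier))
                break
    return out

PAGE_TABLE = ["access-list 400 deny any any any etype arp",  # constructed: page's table
              "access-list 400 deny any any any etype ipv6",
              "access-list 400 permit any any 100"]
MISORDERED_TABLE = ["access-list 401 permit any any any",  # constructed: bad ordering
                    "access-list 401 deny any any any etype arp"]  # never reached

if __name__ == "__main__":
    for f in (Frame("0000.1111.2222", "ffff.ffff.ffff", 100, 0x0806),
              Frame("0000.1111.2222", "0000.3333.4444", 200, 0x0800)):
        print(f.vlan, hex(f.etype), evaluate(build_table(PAGE_TABLE), f)[0])
    print([c.text for c, _ in shadowed_clauses(build_table(MISORDERED_TABLE))])
```

The shadow check is exact for this match model: every clause is a conjunction of independent per-field tests, so an earlier clause makes a later one unreachable precisely when each of its fields covers the corresponding field of the later clause. Running it over a candidate table before binding it to an interface catches the ordering mistake the NOTE warns about, which the device will otherwise accept silently.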