06-27-2023 06:25 AM
Hello Team,
I want to configure the mac ACL with a subnet mask but am unable to find any doc which tells the subnet mask calculation for it:
------------------------------------------------------------------------------
extreme01(conf-macl-ext)# deny 8759.7ca3.1111 ?
Possible completions:
<MACADDRESSMASK> Mac address Mask in HHHH.HHHH.HHHH format.
------------------------------------------------------------------------------
I have configured the below ACL on the switch assuming it will drop traffic with SRC MAC from 8759.7ca3.1xxx to 8759.7ca3.XXXX, but it is not working as expected.
It is also dropping traffic which has source MACs 1759.7ca3.1ab1, a759.7ca3.1ab1 etc. (there are other MACs also which are being dropped)
mac access-list extended MAC_Extended
deny 8759.7ca3.1111 8759.7ca3.0000 host 4ab3.1761.818a
exit
Note - For masking it accepts either 0 or f (ex -‘deny 8759.7ca3.1111 8759.7ca3.ffff host 4ab3.1761.818a’)
VDX6740(7.3.0aa)
Please guide.
-Pavan
06-28-2023 07:07 AM
Pavan,
The correct syntax is "deny [Source MAC] [Source Mask] host [Destination Mac]"
Your command "deny 8759.7ca3.1111 8759.7ca3.0000 host 4ab3.1761.818a" is using an incorrect Mask.
If you want to match 8759.7ca3.1xxx to 8759.7ca3.xxxx you would use the Mask of FFFF.FFFF.1000
deny 8759.7ca3.1000 FFFF.FFFF.1000 host 4ab3.1761.818a
This will match any MAC from 8759.7ca3.1000 - 8759.7ca3.FFFF
06-30-2023 02:25 AM
Thanks, Michael, for your amazing support.
There is a small correction in the syntax:
deny 8759.7ca3.0000 FFFF.FFFF.0000 host 4ab3.1761.818a
This will match any MAC from 8759.7ca3.0000 - 8759.7ca3.FFFF
06-30-2023 06:35 AM - edited 06-30-2023 06:36 AM
Pavan,
Yes, you are correct; however, in your original post you asked about 8759.7ca3.1XXX - 8759.7ca3.XXXX
I thought the 33 bit range was strange but just went with it. If you instead want to match all addresses in the entire last "chomp", using the FFFF.FFFF.0000 is the correct Mask.
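Added example (not posted by anyone in this thread and not vendor code): a pre-deployment check of how many source MACs an address/mask pair covers. It assumes the mask is applied bitwise, with a 1 bit meaning "compare" and a 0 bit meaning "ignore", which agrees with the FFFF.FFFF.0000 entry above; the thread does not document how the VDX evaluates other mask values, and the function names are the example's own.

```python
import string

FULL = 0xFFFFFFFFFFFF  # 48-bit MAC address space


def mac_to_int(mac: str) -> int:
    """Parse HHHH.HHHH.HHHH (the format the CLI help shows) into an int."""
    groups = mac.strip().split(".")
    if len(groups) != 3 or any(
        len(g) != 4 or any(c not in string.hexdigits for c in g) for g in groups
    ):
        raise ValueError(f"expected HHHH.HHHH.HHHH, got {mac!r}")
    return int("".join(groups), 16)


def int_to_mac(value: int) -> str:
    digits = f"{value:012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def matches(rule_mac: str, mask: str, candidate: str) -> bool:
    """True if candidate equals rule_mac on every bit the mask compares."""
    diff = mac_to_int(candidate) ^ mac_to_int(rule_mac)
    return diff & mac_to_int(mask) == 0


def coverage(rule_mac: str, mask: str) -> dict:
    """Summarise the set of addresses an entry matches (assumed semantics)."""
    m = mac_to_int(mask)
    wild = ~m & FULL                      # bits the entry ignores
    base = mac_to_int(rule_mac) & m
    care_bits = bin(m).count("1")
    return {
        "care_bits": care_bits,
        "count": 1 << (48 - care_bits),   # addresses matched
        "lowest": int_to_mac(base),
        "highest": int_to_mac(base | wild),
        # True only when the ignored bits are one low-order run, i.e. the
        # matched set is a single range from lowest to highest.
        "contiguous": wild & (wild + 1) == 0,
    }


if __name__ == "__main__":
    # Entries taken from the thread: the original one and the final one.
    for rule, mask in (("8759.7ca3.1111", "8759.7ca3.0000"),
                       ("8759.7ca3.0000", "FFFF.FFFF.0000")):
        print(rule, mask, coverage(rule, mask))
```

Under this model the original entry compares only 17 of the 48 bits, so it covers far more addresses than the intended block, while FFFF.FFFF.0000 pins the first 32 bits and covers exactly one contiguous range.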