CLI Guide

Table Of Contents
Layer 2 Switching Commands 282
or bound to a VLAN, then the ACL rule is applied immediately. If a time
range with the specified name exists, and the IP ACL containing this ACL
rule is applied to an interface or bound to a VLAN, then the ACL rule is
applied when the time-range with a specified name becomes active. The ACL
rule is removed when the time-range with a specified name becomes inactive.
An implicit deny all condition is added by the system after the last MAC or
IP/IPv6 access group if no route-map is configured on the interface.
Every permit/deny rule that does not have a rate-limit parameter is assigned a
counter. If counter resources become exhausted, a warning is issued and the
rule is applied to the hardware without the counter.
If a permit|deny clause is entered with the same sequence number as an
existing rule, an error is displayed and the existing rule is not updated with
the new information.
Command History
Updated in 6.3.0.1 firmware. Description updated in the 6.4 release.
Example
console(config)#ip access-list ipv4
console(config-ip-acl)#100 deny ip any any precedence 3
deny | permit (Mac-Access-List-Configuration)
Use the deny command in Mac-Access-List Configuration mode to deny
traffic if the conditions defined in the deny statement are matched. Use the
permit command in Mac-Access-List Configuration mode to allow traffic if
the conditions defined in the permit statement are matched.
Use this command in Mac-Access-List Configuration mode to create a new
rule for the current MAC access list. Each rule is appended to the list of
configured rules for the list, if no sequence number is specified.
The command is enhanced to accept the optional time-range parameter. The
time-range parameter allows imposing a time limitation on the MAC ACL
rule as defined by the parameter time-range-name. If a time range with the
specified name does not exist, and the MAC ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied
immediately. If a time range with the specified name exists, and the MAC
ACL containing this ACL rule is applied to an interface or bound to a VLAN,