
ip access-list eth

ip access-list eth <accname>

deny {<ethtype> [<bits>]|any} [mirror] [position <prio>]

no ...

permit {<ethtype> [<bits>]|any} [mirror] [position <prio>]

Description

This command configures an Ethertype ACL (Access Control List).

Syntax

Parameter: <accname>

Description: Define an access list, where <accname> is a name, or a number in the specified range.

Range: 200-299

Parameter: deny

Description: Reject the specified packets, which can be one of the following:

Ethertype in decimal or hexadecimal (0-65535) and optional wildcard (0-65535)

any: match any Ethertype

Optionally, you can configure the mirror parameter, which mirrors packets to a datapath or remote destination, or set the position of the ACL. The default position is last; a position of 1 puts the ACL at the top of the list.

Parameter: no

Description: Negates any configured parameter.

Parameter: permit

Description: Allow the specified packets, which can be one of the following:

Ethertype in decimal or hexadecimal (0-65535) and optional wildcard (0-65535)

any: match any Ethertype

Optionally, you can configure the mirror parameter, which mirrors packets to a datapath or remote destination, or set the position of the ACL. The default position is last; a position of 1 puts the ACL at the top of the list.

Usage Guidelines

The Ethertype field in an Ethernet frame indicates the protocol being transported in the frame. This type of ACL filters on the Ethertype field in the Ethernet frame header, and is useful when filtering non-IP traffic on a physical port. This ACL can be used to permit IP frames while blocking other non-IP protocols such as IPX or AppleTalk.

If you configure the mirror option, define the destination to which mirrored packets are sent in the firewall policy. For more information, see firewall.

Example

The following command configures an Ethertype ACL:

(host) [mynode] (config) #ip access-list eth 200

(host) [mynode] (config-submode)#permit any mirror position 3
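
The rule ordering and matching described in the Syntax and Usage Guidelines sections can be checked offline with a small model. This is an added example, not ArubaOS code or Aruba tooling: it parses rule lines in the syntax shown on this page and applies position (1 = top, default last). It assumes first-match evaluation and that set bits in the optional wildcard are ignored in the comparison; the rule set and function names are constructed for illustration.

```python
import re

# Grammar from the page: {permit|deny} {<ethtype> [<bits>]|any} [mirror] [position <prio>]
RULE = re.compile(r"^(permit|deny)\s+(any|\S+)(?:\s+(?!mirror\b|position\b)(\S+))?"
                  r"(\s+mirror)?(?:\s+position\s+(\d+))?$")

def parse_rule(line):
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"not an Ethertype ACL rule: {line!r}")
    action, etype, bits, mirror, prio = m.groups()
    if etype == "any":
        value, wildcard = 0, 0xFFFF          # every bit is "don't care"
    else:
        value = int(etype, 0)                # decimal or 0x-prefixed hex
        wildcard = int(bits, 0) if bits else 0
    if not (0 <= value <= 0xFFFF and 0 <= wildcard <= 0xFFFF):
        raise ValueError(f"value out of range 0-65535: {line!r}")
    return {"action": action, "value": value, "wildcard": wildcard,
            "mirror": bool(mirror), "position": int(prio) if prio else None}

def build_acl(lines):
    """Apply rules in entry order, honouring 'position' (1 = top, default = last)."""
    acl = []
    for line in lines:
        rule = parse_rule(line)
        pos = rule["position"]
        index = len(acl) if pos is None else min(max(pos, 1) - 1, len(acl))
        acl.insert(index, rule)
    return acl

def evaluate(acl, ethertype):
    """Return (action, mirror) of the first matching rule (ASSUMPTION), else None."""
    for rule in acl:
        care = ~rule["wildcard"] & 0xFFFF    # ASSUMPTION: set wildcard bits are ignored
        if (ethertype & care) == (rule["value"] & care):
            return rule["action"], rule["mirror"]
    return None

# Constructed rule set: allow IPv4 and ARP, drop everything else, and add a
# mirrored IPX deny at the top after the catch-all was already entered.
SAMPLE = ["permit 0x0800", "permit 0x0806", "deny any", "deny 0x8137 mirror position 1"]
ACL = build_acl(SAMPLE)

if __name__ == "__main__":
    for name, et in [("IPv4", 0x0800), ("ARP", 0x0806), ("IPX", 0x8137), ("AppleTalk", 0x809B)]:
        print(f"{name:9s} 0x{et:04X} -> {evaluate(ACL, et)}")
```

Under these assumptions, a rule entered after an `any` rule without a position is never reached, which is the ordering mistake this model makes visible before the list is applied to a port.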

Command History

Version: ArubaOS 8.0.0.0

Modification: Command introduced.

Command Information

Platform: All platforms

License: Requires the PEFNG (Policy Enforcement Firewall) license.

Command Mode: Config mode on Mobility Master.
