EasyManuals Logo

Cisco 300 Series User Manual

Cisco 300 Series
1117 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #129 background imageLoading...
Page #129 background image
ACL Commands
129 OL-32830-01 Command Line Interface Reference Guide
4
4.9 deny (MAC)
Use the deny command in MAC Access-list Configuration mode to set deny
conditions (ACEs) for a MAC ACL. Use the no form of the command to remove the
access control entry.
Syntax
deny
{any | source source-wildcard} {any | destination destination-wildcard}
[
ace-priority
priority][{eth-type 0}| aarp | amber | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [
time-range
time-range-name] [disable-port |log-input ]
no deny
{any | source source-wildcard} {any | destination destination-wildcard}
[{eth-type 0}| aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm |
etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [
time-range
time-range-name]
[disable-port |log-input ]
Parameters
•
source
—Source MAC address of the packet.
•
source-wildcard
—Wildcard bits to be applied to the source MAC address.
Use ones in the bit position that you want to be ignored.
•
destination
—Destination MAC address of the packet.
•
destination-wildcard
—Wildcard bits to be applied to the destination MAC
address. Use 1s in the bit position that you want to be ignored.
•
priority
- Specify the priority of the access control entry (ACE) in the access
control list (ACL). "1" value represents the highest priority and "2147483647"
number represents the lowest priority.(Range: 1-2147483647)
•
eth-type
—The Ethernet type in hexadecimal format of the packet.
•
vlan-id
—The VLAN ID of the packet. (Range: 1–4094).
•
cos
—The Class of Service of the packet.(Range: 0–7).
•
cos-wildcard
—Wildcard bits to be applied to the CoS.
• time-range-name—Name of the time range that applies to this permit
statement. (Range: 1–32)
• disable-port—The Ethernet interface is disabled if the condition is matched.
• log-input—Specifies sending an informational syslog message about the
packet that matches the entry. Because forwarding/dropping is done in

Table of Contents

Other manuals for Cisco 300 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 300 Series and is the answer not in the manual?

Cisco 300 Series Specifications

General IconGeneral
ModelCisco 300 Series
CategorySwitch
DimensionsVaries by model
WeightVaries by model
Power over Ethernet (PoE)Available on select models
ManagementWeb-based GUI, SNMP, CLI
VLANsUp to 256
Security FeaturesACLs, 802.1X, Port Security
Humidity10% to 90% non-condensing
Ports8, 16, 24, 48

Related product manuals