Example:
RP/0/RSP0/CPU0:router(config)# ethernet-service access-list L2ACL2
Enters Ethernet services access list configuration mode and configures access list L2ACL2.
Step 3 [ sequence-number ] { permit | deny } { src-mac-address src-mac-mask | any | host } [ { ethertype-number } | vlan
min-vlan-ID [ max-vlan-ID ] ] [ cos cos-value ] [ dei ] [ inner-vlan min-vlan-ID [ max-vlan-ID] ] inner-cos cos-value
] [ inner-dei ]
Example:
RP/0/RSP0/CPU0:router(config-es-al)# 0 permit 1.2.3 3.2.1
or
RP/0/RSP0/CPU0:router(config-es-al)# 30 deny any dei
Specifies one or more conditions allowed or denied, which determines whether the packet is passed or dropped.
Step 4 Repeat Step 3 as necessary, adding statements by sequence number where you planned. Use the no sequence-number
command to delete an entry.
Allows you to revise an access list.
Step 5 Use the commit or end command.
commit - Saves the configuration changes and remains within the configuration session.
end - Prompts user to take one of these actions:
• Yes - Saves configuration changes and exits the configuration session.
• No - Exits the configuration session without committing the configuration changes.
• Cancel - Remains in the configuration mode, without committing the configuration changes.
What to Do Next
After creating an Ethernet services access list, you must apply it to an interface. See the Applying Ethernet
Services Access Lists section for information about how to apply an access list.
Applying Ethernet Services Access Lists
After you create an access list, you must reference the access list to make it work. Access lists can be applied
on either outbound or inbound interfaces. This section describes guidelines on how to accomplish this task
for both terminal lines and network interfaces.
For inbound access lists, after receiving a packet, Cisco IOS XR software checks the source MAC address of
the packet against the access list. If the access list permits the address, the software continues to process the
packet. If the access list rejects the address, the software discards the packet.
For outbound access lists, after receiving and routing a packet to a controlled interface, the software checks
the source MAC address of the packet against the access list. If the access list permits the address, the software
sends the packet. If the access list rejects the address, the software discards the packet.
L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.3.x
467
Implementing of Layer 2 Access Lists
What to Do Next
To Next Page
Loading...
Need help?
General
