Catalyst 2950 and Catalyst 2955 Switch Command Reference
OL-10102-01
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
deny (MAC access-list configuration)
vines-ip    Select EtherType VINES IP.
xns-idp     Select EtherType Xerox Network Systems (XNS) protocol suite (0 to 65535), an arbitrary Ethertype in decimal, hexadecimal, or octal.

Defaults
This command has no defaults. However, the default action for a MAC named ACL is to deny.

Command Modes
MAC access-list configuration

Command History
Release       Modification
12.1(6)EA2    This command was introduced.

Usage Guidelines
When an access control entry (ACE) is added to an ACL, an implied deny-any-any condition exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.

These options are not allowed:
• Class of service (CoS)
• Ethertype number of a packet with Ethernet II or Subnetwork Access Protocol (SNAP) encapsulation
• Link Service Access Point (LSAP) number of a packet with IEEE 802.2 encapsulation

Note
For more information about configuring MAC extended ACLs, see the “Configuring Network Security with ACLs” chapter in the software configuration guide for this release.

Examples
This example shows how to define the MAC named extended ACL to deny NETBIOS traffic from any source to MAC address 00c0.00a0.03fa. Traffic matching this list is denied.

Switch(config-ext-macl)# deny any host 00c0.00a0.03fa netbios

This example shows how to remove the deny condition from the named MAC extended ACL:

Switch(config-ext-macl)# no deny any host 00c0.00a0.03fa netbios

You can verify your settings by entering the show access-lists privileged EXEC command.

Related Commands
Command                                   Description
mac access-list extended                  Creates an ACL based on MAC addresses for non-IP traffic.
permit (MAC access-list configuration)    Permits Layer 2 traffic to be forwarded if conditions are matched.
show access-lists                         Displays ACLs configured on a switch.
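
Because an implied deny-any-any follows the last ACE, a list that contains only the deny entry from the example above also drops every other frame the list is evaluated against. This added example, which is not part of the original command reference, ends the list with an explicit permit any any and applies it to a port. The ACL name block-netbios and the interface fastethernet0/1 are assumptions.

```cisco
! Added example. The ACL name and the interface are assumptions.
!
! Create the named MAC extended ACL. Until the first ACE is entered,
! the list permits all packets.
Switch(config)# mac access-list extended block-netbios
!
! First ACE: deny NETBIOS from any source to the one destination host.
! From this point the implied deny-any-any is in effect at the end of the list.
Switch(config-ext-macl)# deny any host 00c0.00a0.03fa netbios
!
! Last ACE: explicit permit, so frames that did not match the deny above
! are forwarded instead of reaching the implied deny.
Switch(config-ext-macl)# permit any any
Switch(config-ext-macl)# exit
!
! Apply the list to inbound traffic on the port.
Switch(config)# interface fastethernet0/1
Switch(config-if)# mac access-group block-netbios in
Switch(config-if)# end
!
! Confirm that both ACEs are present and in the intended order.
Switch# show access-lists
```

ACEs are evaluated in order, so the permit any any entry must remain the last line of the list.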