Catalyst 2950 and Catalyst 2955 Switch Command Reference
OL-10102-01
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
permit (MAC access-list configuration)
Syntax Description (continued)
vines-ip     Select EtherType VINES IP.
xns-idp      Select EtherType Xerox Network Systems (XNS) protocol suite (0 to 65535), an arbitrary Ethertype in decimal, hexadecimal, or octal.

Defaults
This command has no defaults. However, the default action for a MAC-named ACL is to deny.

Command Modes
MAC access-list configuration

Command History
Release        Modification
12.1(6)EA2     This command was introduced.

Usage Guidelines
When an access control entry (ACE) is added to an ACL, an implied deny-any-any condition exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.
These options are not allowed:
• Class of service (CoS)
• Ethertype number of a packet with Ethernet II or Subnetwork Access Protocol (SNAP) encapsulation
• Link Service Access Point (LSAP) number of a packet with IEEE 802.2 encapsulation
Note For more information about configuring MAC extended ACLs, see the “Configuring Network Security with ACLs” chapter in the software configuration guide for this release.

Examples
This example shows how to define the named MAC extended ACL to allow NETBIOS traffic from any source to MAC address 00c0.00a0.03fa. Traffic matching this list is allowed.
Switch(config-ext-macl)# permit any host 00c0.00a0.03fa netbios
This example shows how to remove the permit condition from the named MAC extended ACL:
Switch(config-ext-macl)# no permit any host 00c0.00a0.03fa netbios
You can verify your settings by entering the show access-lists privileged EXEC command.

Related Commands
Command                                  Description
deny (MAC access-list configuration)     Prevents Layer 2 traffic from being forwarded if conditions are matched.
mac access-list extended                 Creates an ACL based on MAC addresses.
show access-lists                        Displays ACLs configured on a switch.
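
The evaluation rules from the Usage Guidelines, modeled in Python as an added example (not Cisco code and not part of the original reference): a list with no ACEs permits every frame, the first matching ACE decides, and once any ACE exists an unmatched frame hits the implied deny-any-any. The function names, the frame fields, and the treatment of the protocol keyword as an opaque label are assumptions made for this example.

```python
# Added illustration: a minimal model of named MAC extended ACL evaluation.
# parse_ace() and evaluate() are hypothetical helpers, not Cisco IOS code.

def parse_ace(line):
    """Parse '{permit|deny} {any|host MAC} {any|host MAC} [keyword]'."""
    tokens = line.split()
    action, rest = tokens[0], tokens[1:]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: " + action)

    def take_addr():
        if not rest:
            raise ValueError("missing address in: " + line)
        word = rest.pop(0)
        if word == "any":
            return None                      # None matches every address
        if word == "host" and rest:
            return rest.pop(0).lower()
        raise ValueError("expected 'any' or 'host MAC', got " + word)

    src, dst = take_addr(), take_addr()
    proto = rest.pop(0) if rest else None    # optional keyword, e.g. netbios
    if rest:
        raise ValueError("unexpected tokens: " + " ".join(rest))
    return action, src, dst, proto


def evaluate(aces, src, dst, proto):
    """Return 'permit' or 'deny' for one frame; the first matching ACE wins."""
    if not aces:
        return "permit"                      # a list with no ACEs permits all
    for action, a_src, a_dst, a_proto in aces:
        if (a_src in (None, src.lower())
                and a_dst in (None, dst.lower())
                and a_proto in (None, proto)):
            return action
    return "deny"                            # implied deny-any-any at the end


# Constructed sample: the single ACE from the Examples section.
ACL = [parse_ace("permit any host 00c0.00a0.03fa netbios")]

if __name__ == "__main__":
    # Source MAC 0001.0002.0003 is a constructed value.
    for dst, proto in [("00c0.00a0.03fa", "netbios"),
                       ("00c0.00a0.03fa", "vines-ip"),
                       ("0011.2233.4455", "netbios")]:
        print(dst, proto, "->", evaluate(ACL, "0001.0002.0003", dst, proto))
```

Adding the one permit ACE changes the outcome for every frame that does not match it from permit to deny, which is the behavior to check for before attaching a newly created list to a port.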