2-437
Catalyst 3750-X and 3560-X Switch Command Reference
OL-21522-02
Chapter 2      Catalyst 3750-X and 3560-X Switch Cisco IOS Commands
permit (MAC access-list configuration)
permit (MAC access-list configuration)
Use the permit MAC access-list configuration command on the switch stack or on a standalone switch 
to allow non-IP traffic to be forwarded if the conditions are matched. Use the no form of this command 
to remove a permit condition from the extended MAC access list.
{permit | deny} {any | host src-MAC-addr | src-MAC-addr mask} {any | host dst-MAC-addr | 
dst-MAC-addr mask} [type mask | cos cos | aarp | amber | dec-spanning | decnet-iv | 
diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask | mop-console | 
mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp] 
no {permit | deny} {any | host src-MAC-addr | src-MAC-addr mask} {any | host dst-MAC-addr | 
dst-MAC-addr mask} [type mask | cos cos | aarp | amber | dec-spanning | decnet-iv | 
diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask | mop-console | 
mop-dump | msdos | mumps | netbios | vines-echo |vines-ip | xns-idp] 
Note Though visible in the command-line help strings, appletalk is not supported as a matching condition.
Syntax Description any Keyword to specify to deny any source or destination MAC address.
host src-MAC-addr | 
src-MAC-addr mask
Define a host MAC address and optional subnet mask. If the source 
address for a packet matches the defined address, non-IP traffic from that 
address is denied.
host dst-MAC-addr |  
dst-MAC-addr mask
Define a destination MAC address and optional subnet mask. If the 
destination address for a packet matches the defined address, non-IP 
traffic to that address is denied.
type mask (Optional) Use the Ethertype number of a packet with Ethernet II or 
SNAP encapsulation to identify the protocol of the packet. 
  • type is 0 to 65535, specified in hexadecimal.
  • mask is a mask of don’t care bits applied to the Ethertype before 
testing for a match.
aarp (Optional) Select Ethertype AppleTalk Address Resolution Protocol that 
maps a data-link address to a network address.
amber (Optional) Select EtherType DEC-Amber.
cos cos (Optional) Select an arbitrary class of service (CoS) number from 0 to 7 
to set priority. Filtering on CoS can be performed only in hardware. A 
warning message appears if the cos option is configured.
dec-spanning (Optional) Select EtherType Digital Equipment Corporation (DEC) 
spanning tree.
decnet-iv (Optional) Select EtherType DECnet Phase IV protocol.
diagnostic (Optional) Select EtherType DEC-Diagnostic.
dsm (Optional) Select EtherType DEC-DSM.
etype-6000 (Optional) Select EtherType 0x6000.
etype-8042 (Optional) Select EtherType 0x8042.
lat (Optional) Select EtherType DEC-LAT.
lavc-sca (Optional) Select EtherType DEC-LAVC-SCA.