Command History
ModificationRelease
This command was introduced.Cisco IOS XE 3.3SECisco IOS XE 3.3SE
Usage Guidelines
You enter MAC-access list configuration mode by using the mac access-list extended global configuration
command.
If you use the host keyword, you cannot enter an address mask; if you do not use the host keyword, you must
enter an address mask.
When an access control entry (ACE) is added to an access control list, an implied deny-any-any condition
exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first
ACE is added, the list permits all packets.
To filter IPX traffic, you use the type mask or lsap lsap mask keywords, depending on the type of IPX
encapsulation being used. Filter criteria for IPX encapsulation types as specified in Novell terminology and
Cisco IOS terminology are listed in the table.
Table 36: IPX Filtering Criteria
Filter CriterionIPX Encapsulation Type
Novel NameCisco IOS Name
EtherType 0x8137Ethernet IIarpa
EtherType 0x8137Ethernet-snapsnap
LSAP 0xE0E0Ethernet 802.2sap
LSAP 0xFFFFEthernet 802.3novell-ether
Examples
This example shows how to define the named MAC extended access list to deny NETBIOS traffic from any
source to MAC address 00c0.00a0.03fa. Traffic matching this list is denied.
Device(config-ext-macl)# deny any host 00c0.00a0.03fa netbios.
This example shows how to remove the deny condition from the named MAC extended access list:
Device(config-ext-macl)# no deny any 00c0.00a0.03fa 0000.0000.0000 netbios.
This example denies all packets with EtherType 0x4321:
Device(config-ext-macl)# deny any any 0x4321 0
You can verify your settings by entering the show access-lists privileged EXEC command.
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
741
deny (MAC access-list configuration)
To Next Page
Loading...
Need help?
General
