Method 1 only configures the numerical value ACL. Method 2 can
configure names and numerical value ACL and specify the priorities of
table entries (supporting priority ACE products).
44.3.3 Configuration of Showing MAC
Extended Access Lists
To monitor access lists, please run the following command the in privileged mode:
DGS-3610# show access-lists [ id | name]
You can view basic access lists
44.3.4 MAC Extended Access List Example
You can implement the following security functions by configuring MAC access lists:
The 0013.2049.8272 host using the IPX protocol cannot access the giga 0/1 port of a device.
It can access other ports.
Configure an Ethernet port, apply the access list 101 on the Ethernet port and check all the
packets passing in and out on the port.
DGS-3610> enable
DGS-3610# configure terminal
DGS-3610(config)# mac access-list extended mac-list
DGS-3610(config-mac-nacl)# deny host 0013.2049.8272 any ipx
DGS-3610(config-mac-nacl)# permit any any
DGS-3610(config-mac-nacl)# exit
DGS-3610(config)# interface gigabitEthernet 0/1
DGS-3610(config-if)# mac access-group mac-list in
DGS-3610(config-if)# end
DGS-3610# show access-lists
mac access-list extended mac-list
deny host 0013.2049.8272 any ipx
permit any any
DGS-3610#
For access lists, permit any any cannot be discarded, for the ending part
of an access list implicates a deny any rule statement.
To Next Page
Loading...
Need help?
General