96 ACL Commands
Example
The following example shows how to create a MAC ACL.
permit (MAC)
The permit MAC-Access List Configuration mode command sets permit conditions for a MAC access
list.
Syntax
•
permit
{
any
| {
source source-wildcard
}
any
| {
destination destination-wildcard
}} [
vlan
vlan-id
] [
cos
cos cos-wildcard
] [
ethtype
eth-type
]
•
source
— Specifies the source MAC address of the packet.
•
source-wildcard
— Specifies wildcard bits to be applied to the source MAC address by placing 1s in
bit positions to be ignored.
•
any
— Specify a MAC address and mask. For example, to set 00:00:00:00:10:XX use the Mac
address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF.
•
destination
— Specifies the MAC address of the host to which the packet is being sent.
•
destination-wildcard
— Specifies wildcard bits to be applied to the destination MAC address by
placing 1s in bit positions to be ignored.
•
vlan-id
— Specifies the ID of the packet vlan. (Range: 1 - 4094)
•
cos
— Specifies the Class of Service (CoS) for the packet. (Range: 0 - 7)
•
cos-wildcard
— Specifies wildcard bits to be applied to the CoS.
•
eth-type
— Specifies the etherType of the packet in hexadecimal format. (Range: 0 - 05dd-ffff
{hex})
Default Configuration
No MAC ACL is defined.
Command Mode
MAC-Access List Configuration mode.
User Guidelines
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE
is added, an implied
deny-any-any
condition exists at the end of the list and those packets that do not
match the conditions defined in the permit statement are denied.
Console(config)# mac access-list macl-1
Console(config-mac-al)#
book.book Page 96 Thursday, December 18, 2008 7:40 PM
To Next Page
Loading...
