ACL Commands 81
Default Configuration
No MAC ACL is defined.
Command Mode
MAC-Access List Configuration mode.
User Guidelines
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
• If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.
Example
The following example shows how to create a MAC ACL with permit rules.
Console(config)# mac access-list macl-acl1
Console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6
deny (MAC)
The deny MAC-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.
Syntax
• deny [disable-port] {any | {source source-wildcard}} {any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type] [inner-vlan vlan-id]
• disable-port — Indicates that the port is disabled if the condition is matched.
• source — Specifies the MAC address of the host from which the packet was sent.
• source-wildcard — Specifies wildcard bits to the source MAC address by placing 1s in bit positions to be ignored.
• any — Specify a MAC address and mask. For example, to set 00:00:00:00:10:XX use the MAC address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF.
• destination — Specifies the MAC address of the host to which the packet is being sent.
• destination-wildcard — Specifies wildcard bits to the destination MAC address by placing 1s in bit positions to be ignored.
• vlan-id — Specifies the VLAN ID of the packet. (Range: 1 - 4094)
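The following added example (not part of the original guide and not switch code) models how a MAC ACL can be audited offline: wildcard bits set to 1 are ignored, an empty ACL permits everything, and an implied deny-any-any follows the last ACE. The names mac, wild, Ace, evaluate and SAMPLE_ACL are hypothetical, the first-match evaluation order is an assumption, and the sample ACL is constructed from the addresses used in this section.

```python
# Added example: offline model of MAC ACL matching as described in this section.
from dataclasses import dataclass
from typing import List, Optional

ANY = (0, 0xFFFFFFFFFFFF)  # "any": every address bit is ignored

def mac(text: str) -> int:
    """Parse a colon-separated MAC (short octets such as 6:6 allowed) to an int."""
    octets = [int(part, 16) for part in text.split(":")]
    if len(octets) != 6 or any(o < 0 or o > 0xFF for o in octets):
        raise ValueError(f"bad MAC address: {text!r}")
    return int.from_bytes(bytes(octets), "big")

def wild(addr: str, wildcard: str) -> tuple:
    return (mac(addr), mac(wildcard))

@dataclass
class Ace:
    action: str                     # "permit" or "deny"
    src: tuple = ANY
    dst: tuple = ANY
    vlan: Optional[int] = None      # None = VLAN is not part of the condition

    def matches(self, src: int, dst: int, vlan: int) -> bool:
        def hit(value, rule):
            addr, wildcard = rule
            care = ~wildcard & 0xFFFFFFFFFFFF   # 1s in the wildcard are ignored
            return (value & care) == (addr & care)
        return (hit(src, self.src) and hit(dst, self.dst)
                and (self.vlan is None or self.vlan == vlan))

def evaluate(acl: List[Ace], src: str, dst: str, vlan: int) -> str:
    if not acl:
        return "permit"             # no ACE yet: all packets are permitted
    for ace in acl:                 # assumption: the first matching ACE decides
        if ace.matches(mac(src), mac(dst), vlan):
            return ace.action
    return "deny"                   # implied deny-any-any at the end of the list

# Constructed sample ACL: the section's permit rule plus a deny with a wildcard.
SAMPLE_ACL = [
    Ace("permit", src=wild("6:6:6:6:6:6", "0:0:0:0:0:0"), vlan=6),
    Ace("deny", src=wild("00:00:00:00:10:00", "00:00:00:00:00:FF")),
]
```

Running evaluate over the frames an ACL is expected to pass shows which ones fall through to the implied deny before the ACL is bound to a port.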