Device Security 95

Example #3: Apply the Rule to Outbound (Egress) Traffic on Port 1/g2

Only traffic matching the criteria will be accepted.

console(config)#interface ethernet 1/g2
console(config-if-1/g2)#ip access-group list1 out
console(config-if-1/g2)#exit

MAC ACL CLI Examples

The following are examples of the commands used for the MAC ACLs feature.

Example #4: Set up a MAC Access List

console#config
console(config)#mac access-list extended mac1
console(config)#exit

Example #5: Specify MAC ACL Attributes

console(config-mac-access-list)#deny ?

any              Configure a match condition for all the source MAC
                 addresses in the Source MAC Address field.
<srcmac>         Enter a MAC Address.

console(config-mac-access-list)#deny any ?

any              Configure a match condition for all the destination
                 MAC addresses in the Destination MAC Address field.
bpdu             Match on any BPDU destination MAC Address.
<dstmac>         Enter a MAC Address.

console(config-mac-access-list)#deny any 00:11:22:33:44:55 ?

<dstmacmask>     Enter a MAC Address bit mask.

console(config-mac-access-list)#deny any 00:11:22:33:44:55 00:00:00:00:FF:FF ?

assign-queue     Configure the Queue Id assignment attribute.
cos              Configure a match condition based on a COS value.
log              Configure logging for this access list rule.
mirror           Configure the packet mirroring attribute.
redirect         Configure the packet redirection attribute.
vlan             Configure a match condition based on a VLAN ID.
<0x0600-0xffff>  Enter a four-digit hexadecimal number in the range of
                 0x0600 to 0xffff to specify a custom Ethertype value.
<cr>             Press enter to execute the command.
<ethertypekey>   Enter one of the following keywords to specify an
                 Ethertype (appletalk, arp, ibmsna, ipv4, ipv6, ipx,