Chapter 9
| Access Control Lists
MAC ACLs
– 350 –
Command Usage
â—† New rules are added to the end of the list.
â—† The ethertype option can only be used to filter Ethernet II formatted packets.
â—† A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of
the more common types include the following:
â–
0800 - IP
â–
0806 - ARP
â–
8137 - IPX
Example
This rule permits packets from any source MAC address to the destination address
00-e0-29-94-34-de where the Ethernet type is 0800.
Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800
Console(config-mac-acl)#
Related Commands
access-list mac (347)
Time Range (177)
mac access-group This command binds a MAC ACL to a port. Use the no form to remove the port.
Syntax
mac access-group acl-name {in |
out} [time-range time-range-name]
[counter]
no mac access-group acl-name {in |
out}
acl-name – Name of the ACL. (Maximum length: 16 characters)
in – Indicates that this list applies to ingress packets.
out – Indicates that this list applies to egress packets.
time-range-name
- Name of the time range. (Range: 1-32 characters)
counter – Enables counter for ACL statistics.
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
â—† Only one ACL can be bound to a port.
To Next Page
Loading...
Need help?
General