CHAPTER 25 | Access Control Lists
MAC ACLs
– 721 –
host – A specific MAC address.
source – Source MAC address.
destination – Destination MAC address range with bitmask.
address-bitmask¹⁵ – Bitmask for MAC address (in hexadecimal format).
vid – VLAN ID. (Range: 1-4095)
vid-bitmask¹⁵ – VLAN bitmask. (Range: 1-4095)
protocol – A specific Ethernet protocol number. (Range: 600-ffff hex.)
protocol-bitmask¹⁵ – Protocol bitmask. (Range: 600-ffff hex.)
time-range-name – Name of the time range. (Range: 1-30 characters)
DEFAULT SETTING
None
COMMAND MODE
MAC ACL
COMMAND USAGE
◆ New rules are added to the end of the list.
◆ The ethertype option can only be used to filter Ethernet II formatted
packets.
◆ A detailed listing of Ethernet protocol types can be found in RFC 1060.
A few of the more common types include the following:
■ 0800 - IP
■ 0806 - ARP
■ 8137 - IPX
EXAMPLE
This rule permits packets from any source MAC address to the destination
address 00-e0-29-94-34-de where the Ethernet type is 0800.
Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800
Console(config-mac-acl)#
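The care/ignore bitmask convention from the parameter list (footnote 15), applied to the rule above, as an added Python sketch that is not taken from the manual or the switch firmware. First-match evaluation, the final implicit deny, and exact matching when no bitmask is given are assumptions; the second rule and all function names are constructed for illustration.

```python
# Added illustration of MAC ACL bitmask matching ("1" = care, "0" = ignore).
# Assumptions: rules are checked in list order, the first match wins, and a
# frame that matches no rule is denied. The page does not state these.

def mac_to_int(mac):
    """Parse 'xx-xx-xx-xx-xx-xx' (the page's notation) into a 48-bit integer."""
    parts = mac.split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int("".join(parts), 16)

def masked_equal(value, pattern, bitmask):
    """Compare only the bit positions where the bitmask holds a 1."""
    return (value & bitmask) == (pattern & bitmask)

ANY = (0, 0)  # an all-zero bitmask ignores every bit, so it matches anything

def host(mac):
    """'host' keyword: all 48 bits are cared about."""
    return (mac_to_int(mac), (1 << 48) - 1)

def evaluate(rules, src, dst, ethertype):
    """Return the action of the first matching rule, else 'deny' (assumed)."""
    s, d = mac_to_int(src), mac_to_int(dst)
    for action, src_m, dst_m, type_m in rules:
        if (masked_equal(s, *src_m) and masked_equal(d, *dst_m)
                and masked_equal(ethertype, *type_m)):
            return action
    return "deny"

# Rule 1 is the page's example:
#   permit any host 00-e0-29-94-34-de ethertype 0800
# Rule 2 is constructed: permit ARP from sources whose first three octets are
# 00-e0-29. The bitmask ff-ff-ff-00-00-00 cares about those octets only.
RULES = [
    ("permit", ANY, host("00-e0-29-94-34-de"), (0x0800, 0xFFFF)),
    ("permit",
     (mac_to_int("00-e0-29-00-00-00"), mac_to_int("ff-ff-ff-00-00-00")),
     ANY, (0x0806, 0xFFFF)),
]

if __name__ == "__main__":
    print(evaluate(RULES, "00-11-22-33-44-55", "00-e0-29-94-34-de", 0x0800))
```

This care/ignore convention is the inverse of wildcard masks, where a 1 bit means ignore; a mask carried over from such a platform without inverting it matches a very different set of addresses.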
RELATED COMMANDS
access-list mac (719)
Time Range (572)
15. For all bitmasks, “1” means care and “0” means ignore.