C
HAPTER
25
| Access Control Lists
MAC ACLs
– 957 –
EXAMPLE
Console(config)#access-list mac jerry
Console(config-mac-acl)#
RELATED COMMANDS
permit, deny (957)
mac access-group (960)
show mac access-list (961)
permit, deny
(MAC ACL)
This command adds a rule to a MAC ACL. The rule filters packets matching
a specified MAC source or destination address (i.e., physical layer address),
or Ethernet protocol type. Use the no form to remove a rule.
SYNTAX
{permit | deny}
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
[vid vid vid-bitmask] [ethertype ethertype [ethertype-bitmask]]
{{ip {any | host source-ip | source-ip network-mask}
{any | host destination-ip | destination-ip network-mask}
{ipv6 {any | host source-ipv6 | source-ipv6/prefix-length}
{any | host destination-ipv6 | destination-ipv6/prefix-length}}
[protocol protocol]
[l4-source-port sport [port-bitmask]]
[l4-destination-port dport [port-bitmask]}]
[time-range time-range-name]
no {permit | deny}
{
any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
[vid vid vid-bitmask] [ethertype ethertype [ethertype-bitmask]]
{{ip {any | host source-ip | source-ip network-mask}
{any | host destination-ip | destination-ip network-mask}
{ipv6 {any | host source-ipv6 | source-ipv6/prefix-length}
{any | host destination-ipv6 | destination-ipv6/prefix-length}}
[protocol protocol]
[l4-source-port sport [port-bitmask]]
[l4-destination-port dport [port-bitmask]}]
N
OTE
:
The default is for Ethernet II packets.
To Next Page
Loading...
