CHAPTER 25 | Access Control Lists
MAC ACLs
– 960 –
DEFAULT SETTING
None
COMMAND MODE
MAC ACL
COMMAND USAGE
◆ New rules are added to the end of the list.
◆ The ethertype option can only be used to filter Ethernet II formatted
packets.
◆ A detailed listing of Ethernet protocol types can be found in RFC 1060.
A few of the more common types include the following:
■ 0800 - IP
■ 0806 - ARP
■ 8137 - IPX
EXAMPLE
This rule permits packets from any source MAC address to the destination
address 00-e0-29-94-34-de where the Ethernet type is 0800.
Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800
Console(config-mac-acl)#
RELATED COMMANDS
access-list mac (956)
Time Range (762)
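The example rule above, modeled in Python to show which frames it selects and why the ethertype option only applies to Ethernet II frames. This is an added illustration, not code from the switch or its vendor. It assumes untagged frames and parses only the rule form shown on this page; the helper names and the source address are constructed for the example.

```python
import struct

def parse_mac(text):
    """'xx-xx-xx-xx-xx-xx' (notation used on this page) -> 6 bytes."""
    parts = text.split("-")
    if len(parts) != 6:
        raise ValueError("expected six hex octets: %r" % text)
    return bytes(int(p, 16) for p in parts)

def parse_rule(line):
    """Parse only the rule form shown in the example above:
    {permit|deny} {any|host MAC} {any|host MAC} [ethertype HEX]"""
    tok = line.split()
    if not tok or tok[0] not in ("permit", "deny"):
        raise ValueError("rule must start with permit or deny")
    rule, i = {"action": tok[0], "src": None, "dst": None, "ethertype": None}, 1
    for side in ("src", "dst"):          # source comes first, then destination
        if tok[i:i + 1] == ["host"] and len(tok) > i + 1:
            rule[side], i = parse_mac(tok[i + 1]), i + 2
        elif tok[i:i + 1] == ["any"]:
            i += 1
        else:
            raise ValueError("expected 'any' or 'host <mac>' for " + side)
    if tok[i:]:
        if len(tok) != i + 2 or tok[i] != "ethertype":
            raise ValueError("unsupported trailing tokens: %r" % tok[i:])
        rule["ethertype"] = int(tok[i + 1], 16)
    return rule

def rule_matches(rule, frame):
    """Model of the match (assumption: untagged frame, no 802.1Q header)."""
    if len(frame) < 14:
        return False
    dst, src = frame[0:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if rule["src"] not in (None, src) or rule["dst"] not in (None, dst):
        return False
    if rule["ethertype"] is not None:
        # Values below 0x0600 are an 802.3 length, not an Ethernet II type,
        # so an ethertype rule cannot match such a frame.
        return type_or_len >= 0x0600 and type_or_len == rule["ethertype"]
    return True

def make_frame(dst, src, type_or_len, payload=b"\x00" * 46):
    return dst + src + struct.pack("!H", type_or_len) + payload

# Constructed sample data: rule text from the example above, SRC is made up.
RULE = parse_rule("permit any host 00-e0-29-94-34-de ethertype 0800")
DST, SRC = parse_mac("00-e0-29-94-34-de"), parse_mac("02-00-00-00-00-01")
print(rule_matches(RULE, make_frame(DST, SRC, 0x0800)), rule_matches(RULE, make_frame(DST, SRC, 0x0026)))
```

A frame whose type/length field carries an 802.3 length is not selected by the ethertype rule, so traffic in that format has to be covered by a rule that does not use the ethertype option.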
mac access-group
This command binds a MAC ACL to a port. Use the no form to remove the port.
SYNTAX
mac access-group acl-name in [time-range time-range-name] [counter]
acl-name – Name of the ACL. (Maximum length: 16 characters)
in – Indicates that this list applies to ingress packets.
time-range-name – Name of the time range. (Range: 1-16 characters)
counter – Enables counter for ACL statistics.
DEFAULT SETTING
None
COMMAND MODE
Interface Configuration (Ethernet)