Chapter 10
| Access Control Lists
MAC ACLs
– 414 –
{permit | deny} tagged-802.3
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
[vid vid vid-bitmask] [time-range time-range-name]
no {permit | deny} tagged-802.3
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
[vid vid vid-bitmask]
{permit | deny} untagged-802.3
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
[time-range time-range-name]
no {permit | deny} untagged-802.3
{any | host
source | source address-bitmask}
{any | host destination | destination address-bitmask}
tagged-eth2 – Tagged Ethernet II packets.
untagged-eth2 – Untagged Ethernet II packets.
tagged-802.3 – Tagged Ethernet 802.3 packets.
untagged-802.3 – Untagged Ethernet 802.3 packets.
any – Any MAC, IPv4 or IPv6 source or destination address.
host – A specific MAC, IPv4 or IPv6 address.
source – Source MAC, IPv4 or IPv6 address.
destination – Destination MAC, IPv4 or IPv6 address.
address-
bitmask
5
– Bitmask for MAC address (in hexadecimal format).
network-
mask
– Network mask for IP subnet. This mask identifies the host
address bits used for routing to specific subnets.
prefix-length - Length of IPv6 prefix. A decimal value indicating how many
contiguous bits (from the left) of the address comprise the prefix; i.e., the
network portion of the address. (Range: 0-128)
vid – VLAN ID. (Range: 1-4094)
vid-bitmask
5
–
VLAN bitmask. (Range: 1-4095)
ethertype – A specific Ethernet protocol number. (Range: 0-ffff hex)
ethertype-bitmask
5
– Protocol bitmask. (Range: 0-ffff hex)
protocol - IP protocol or IPv6 next header. (Range: 0-255)
For information on next headers, see permit, deny (Extended IPv6 ACL).
sport
6
– Protocol source port number. (Range: 0-65535)
dport
6
– Protocol destination port number. (Range: 0-65535)
5. For all bitmasks, “1” means relevant and “0” means ignore.
6. Includes TCP, UDP or other protocol types.
To Next Page
Loading...
