Chapter 10 | Access Control Lists
MAC ACLs
- 414 -
{permit | deny} tagged-802.3
  {any | host source | source address-bitmask}
  {any | host destination | destination address-bitmask}
  [vid vid vid-bitmask] [time-range time-range-name]
no {permit | deny} tagged-802.3
  {any | host source | source address-bitmask}
  {any | host destination | destination address-bitmask}
  [vid vid vid-bitmask]
{permit | deny} untagged-802.3
  {any | host source | source address-bitmask}
  {any | host destination | destination address-bitmask}
  [time-range time-range-name]
no {permit | deny} untagged-802.3
  {any | host source | source address-bitmask}
  {any | host destination | destination address-bitmask}
tagged-eth2 - Tagged Ethernet II packets.
untagged-eth2 - Untagged Ethernet II packets.
tagged-802.3 - Tagged Ethernet 802.3 packets.
untagged-802.3 - Untagged Ethernet 802.3 packets.
any - Any MAC, IPv4 or IPv6 source or destination address.
host - A specific MAC, IPv4 or IPv6 address.
source - Source MAC, IPv4 or IPv6 address.
destination - Destination MAC, IPv4 or IPv6 address.
address-bitmask [5] - Bitmask for MAC address (in hexadecimal format).
network-mask - Network mask for IP subnet. This mask identifies the host
address bits used for routing to specific subnets.
prefix-length - Length of IPv6 prefix. A decimal value indicating how many
contiguous bits (from the left) of the address comprise the prefix; i.e., the
network portion of the address. (Range: 0-128)
vid - VLAN ID. (Range: 1-4094)
vid-bitmask [5] - VLAN bitmask. (Range: 1-4095)
ethertype - A specific Ethernet protocol number. (Range: 0-ffff hex)
ethertype-bitmask [5] - Protocol bitmask. (Range: 0-ffff hex)
protocol - IP protocol or IPv6 next header. (Range: 0-255)
For information on next headers, see permit, deny (Extended IPv6 ACL).
sport [6] - Protocol source port number. (Range: 0-65535)
dport [6] - Protocol destination port number. (Range: 0-65535)
5. For all bitmasks, "1" means relevant and "0" means ignore.
6. Includes TCP, UDP or other protocol types.
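The following is an added example, not part of the manual: it models how the MAC ACL rules above are matched, using the bitmask convention of footnote 5 (a 1 bit is compared, a 0 bit is ignored) for both the MAC address-bitmask and the vid-bitmask. It assumes first-match evaluation, a caller-supplied default for frames no rule matches, and that vid and vid-bitmask are written in decimal; the time-range clause is not modelled, and the rule set is constructed for illustration.

```python
from collections import namedtuple

FULL_MAC_MASK = 0xFFFFFFFFFFFF  # 'host <mac>' compares all 48 bits
MacRule = namedtuple("MacRule", "action frame_type src dst vid")  # src/dst/vid: (value, bitmask) or None
Frame = namedtuple("Frame", "frame_type src dst vid")  # vid is None for untagged frames

def mac_to_int(mac: str) -> int:
    """Accept 00-E0-29-12-34-56 or 00:E0:29:12:34:56 and return an int."""
    return int(mac.replace("-", "").replace(":", ""), 16)

def masked_match(value: int, rule_value: int, bitmask: int) -> bool:
    """Footnote 5 semantics: a 1 bit in the bitmask is compared, a 0 bit is ignored."""
    return (value & bitmask) == (rule_value & bitmask)

def parse_rule(text: str) -> MacRule:
    """Parse '{permit|deny} <frame-type> <src> <dst> [vid <vid> <vid-bitmask>]';
    each address is 'any', 'host <mac>' or '<mac> <bitmask>'. Assumption: vid and
    vid-bitmask are decimal. The optional time-range clause is not modelled."""
    tok = text.split()
    it = iter(tok[2:])
    def addr():
        a = next(it)
        if a == "any":
            return None
        if a == "host":
            return (mac_to_int(next(it)), FULL_MAC_MASK)
        return (mac_to_int(a), mac_to_int(next(it)))
    src, dst = addr(), addr()
    rest = list(it)
    vid = (int(rest[1]), int(rest[2])) if rest[:1] == ["vid"] else None
    return MacRule(tok[0], tok[1], src, dst, vid)

def rule_matches(rule: MacRule, f: Frame) -> bool:
    """Frame type must be identical; None ('any') skips a field."""
    return (rule.frame_type == f.frame_type
            and (rule.src is None or masked_match(f.src, *rule.src))
            and (rule.dst is None or masked_match(f.dst, *rule.dst))
            and (rule.vid is None or (f.vid is not None and masked_match(f.vid, *rule.vid))))

def evaluate(rules: list, frame: Frame, default: str = "deny") -> str:
    """First matching rule wins; `default` covers unmatched frames (assumed, not from the page)."""
    for rule in rules:
        if rule_matches(rule, frame):
            return rule.action
    return default

# Constructed rule set: block tagged 802.3 frames from one OUI in VLANs 8-15, permit the rest.
RULES = [parse_rule(r) for r in (
    "deny tagged-802.3 00-E0-29-00-00-00 FF-FF-FF-00-00-00 any vid 8 4088",
    "permit tagged-802.3 any any", "permit untagged-802.3 any any")]
```

With vid 8 and vid-bitmask 4088 (0xFF8) only the upper nine VID bits are compared, so VLANs 8 through 15 match the deny rule while VLAN 20 falls through to the permit.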