Chapter 10 | Access Control Lists
MAC ACLs
port-bitmask - Decimal number representing the port bits to match. (Range: 0-65535)
time-range-name - Name of the time range. (Range: 1-32 characters)
Default Setting
None
Command Mode
MAC ACL
Command Usage
• New rules are added to the end of the list.
• The ethertype option can only be used to filter Ethernet II formatted packets.
• A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following:
  • 0800 - IP
  • 0806 - ARP
  • 8137 - IPX
• If an Extended IPv4 rule and MAC rule match the same packet, and these rules specify a "permit" entry and "deny" entry, the "deny" action takes precedence.
Example
This rule permits packets from any source MAC address to the destination address
00-e0-29-94-34-de where the Ethernet type is 0800.
Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800
Console(config-mac-acl)#
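The following is an added illustration, a simplified Python model and not the switch's implementation or code from this manual. It shows which frames the example rule matches, why a non-Ethernet II frame never satisfies an ethertype match, and how the deny-precedence note resolves. First-match rule order, untagged frames, the sample frames and all function names are assumptions.

```python
import struct

ETHERNET_II_MIN_TYPE = 0x0600  # smaller values are 802.3 length fields, not EtherTypes

def mac(text):
    """Convert the manual's 00-e0-29-94-34-de notation to six raw bytes."""
    return bytes(int(octet, 16) for octet in text.split("-"))

def parse_header(frame):
    """Return (dst, src, ethertype); ethertype is None unless the frame is Ethernet II."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    (type_or_length,) = struct.unpack("!H", frame[12:14])
    ethertype = type_or_length if type_or_length >= ETHERNET_II_MIN_TYPE else None
    return frame[0:6], frame[6:12], ethertype

def rule_matches(rule, frame):
    """None in a rule field means 'any' (src/dst) or 'ethertype not specified'."""
    dst, src, ethertype = parse_header(frame)
    return (rule["src"] in (None, src)
            and rule["dst"] in (None, dst)
            and rule["ethertype"] in (None, ethertype))

def evaluate(acl, frame):
    """Action of the first matching rule (assumed first-match order), or None."""
    for rule in acl:
        if rule_matches(rule, frame):
            return rule["action"]
    return None

def combined_action(mac_action, ipv4_action):
    """Deny takes precedence when a MAC rule and an Extended IPv4 rule both match."""
    if "deny" in (mac_action, ipv4_action):
        return "deny"
    return mac_action or ipv4_action

# The page's rule: permit any host 00-e0-29-94-34-de ethertype 0800
ACL = [{"action": "permit", "src": None, "dst": mac("00-e0-29-94-34-de"),
        "ethertype": int("0800", 16)}]

# Constructed sample frames (the source address is made up for this example).
DST, SRC = mac("00-e0-29-94-34-de"), mac("02-00-00-00-00-01")
IPV4_FRAME = DST + SRC + struct.pack("!H", 0x0800) + bytes(46)
ARP_FRAME = DST + SRC + struct.pack("!H", 0x0806) + bytes(46)
LLC_FRAME = DST + SRC + struct.pack("!H", 46) + b"\xaa\xaa\x03" + bytes(43)  # 802.3 + LLC

if __name__ == "__main__":
    for name, frame in (("IPv4", IPV4_FRAME), ("ARP", ARP_FRAME), ("802.3", LLC_FRAME)):
        print(name, evaluate(ACL, frame))
    print("MAC permit + IPv4 deny ->", combined_action("permit", "deny"))
```

A result of None means no rule in the list matched; what the switch does with such a frame is not covered by this model.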
Related Commands
access-list mac (410)
Time Range (189)
mac access-group (Interface Configuration)
This command binds a MAC ACL to a port. Use the no form to remove the port.
Syntax
mac access-group acl-name {in | out} [time-range time-range-name] [counter]
no mac access-group acl-name {in | out}
acl-name - Name of the ACL. (Maximum length: 32 characters)
in - Indicates that this list applies to ingress packets.
out - Indicates that this list applies to egress packets.