Chapter 10
| Access Control Lists
MAC ACLs
– 401 –
mac access-group
(Global Configuration)
This command binds a MAC ACL to all ports for ingress traffic. Use the no form to
remove this binding.
Syntax
mac access-group acl-name in
[time-range time-range-name] [counter]
no mac access-group acl-name in
acl-name – Name of the ACL. (Maximum length: 32 characters)
in – Indicates that this list applies to ingress packets.
time-range-name - Name of the time range. (Range: 1-16 characters)
counter – Enables counter for ACL statistics.
Default Setting
None
Command Mode
Global Configuration
Command Usage
If an ACL is already bound to a port and you bind a different ACL to it, the switch
will replace the old binding with the new one.
Example
Console(config)#mac access-group jerry in
Console(config)#
Related Commands
show mac access-list (406)
Time Range (186)
permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a
specified MAC source or destination address (i.e., physical layer address), or
Ethernet protocol type. Rules can also filter packets based on IPv4/v6 addresses,
including Layer 4 ports and protocol types. Use the no form to remove a rule.
Syntax
{permit | deny}
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
[vid vid vid-bitmask] [ethertype ethertype [ethertype-bitmask]]
{{ip {any | host source-ip | source-ip network-mask}
{any | host destination-ip | destination-ip network-mask}
To Next Page
Loading...
