Chapter 10 | Access Control Lists
MAC ACLs
destination – Destination MAC, IPv4 or IPv6 address.
address-bitmask⁵ – Bitmask for MAC address (in hexadecimal format).
network-mask – Network mask for IP subnet. This mask identifies the host address bits used for routing to specific subnets.
prefix-length – Length of IPv6 prefix. A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix; i.e., the network portion of the address. (Range: 0-128)
vid – VLAN ID. (Range: 1-4094)
vid-bitmask⁵ – VLAN bitmask. (Range: 1-4095)
ethertype – A specific Ethernet protocol number. (Range: 0-ffff hex)
ethertype-bitmask⁵ – Protocol bitmask. (Range: 0-ffff hex)
protocol – IP protocol or IPv6 next header. (Range: 0-255) For information on next headers, see permit, deny (Extended IPv6 ACL).
sport⁶ – Protocol source port number. (Range: 0-65535)
dport⁶ – Protocol destination port number. (Range: 0-65535)
port-bitmask – Decimal number representing the port bits to match. (Range: 0-65535)
time-range-name – Name of the time range. (Range: 1-16 characters)
Default Setting
None
Command Mode
MAC ACL
Command Usage
◆ New rules are added to the end of the list.
◆ The ethertype option can only be used to filter Ethernet II formatted packets.
◆ A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following:
■ 0800 - IP
■ 0806 - ARP
■ 8137 - IPX
5. For all bitmasks, “1” means relevant and “0” means ignore.
6. Includes TCP, UDP or other protocol types.
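As an added example that is not part of this manual, the following Python sketch shows how the match fields above combine when a frame is tested against a MAC ACL rule: each bitmask selects which bits are compared (footnote 5), fields are range-checked against the values listed, and rules are tried in list order. The rule and frame dictionary layouts, the sample addresses and the result when no rule matches are assumptions made for illustration, not the switch's own implementation.

```python
# Added example, not the manual's own code: how the MAC ACL match fields listed
# above combine when a frame is tested against a rule. Per footnote 5, bitmask bit
# 1 = "compare this bit", 0 = "ignore it". The dict layouts, sample addresses and
# the no-match result are constructed assumptions, not the switch's own behaviour.
ETHERTYPES = {"IP": 0x0800, "ARP": 0x0806, "IPX": 0x8137}  # values listed on this page
RANGES = {"vid": (1, 4094), "vid_bitmask": (1, 4095), "ethertype": (0, 0xFFFF),
          "ethertype_bitmask": (0, 0xFFFF), "protocol": (0, 255), "sport": (0, 65535),
          "dport": (0, 65535), "port_bitmask": (0, 65535)}  # ranges from the parameter list
def masked_equal(value: int, rule: int, bitmask: int) -> bool:
    """Compare only the bits the bitmask marks as relevant."""
    return (value & bitmask) == (rule & bitmask)
def mac_to_int(mac: str) -> int:
    """'FF-FF-FF-00-00-00' (dash or colon form) -> 48-bit integer."""
    return int(mac.replace("-", "").replace(":", ""), 16)
def validate(rule: dict) -> None:
    """Reject any field outside the range the command accepts."""
    for key, (lo, hi) in RANGES.items():
        if key in rule and not lo <= rule[key] <= hi:
            raise ValueError(f"{key}={rule[key]} outside {lo}-{hi}")
def rule_matches(rule: dict, frame: dict) -> bool:
    """Field absent from the rule = 'any'; missing bitmask = compare every bit."""
    validate(rule)
    for addr in ("source", "destination"):
        mask = mac_to_int(rule.get(addr + "_bitmask", "FF-FF-FF-FF-FF-FF"))
        if addr in rule and not masked_equal(mac_to_int(frame[addr]), mac_to_int(rule[addr]), mask):
            return False
    if "vid" in rule and not masked_equal(frame["vid"], rule["vid"], rule.get("vid_bitmask", 0xFFF)):
        return False
    if "ethertype" in rule and not masked_equal(
            frame["ethertype"], rule["ethertype"], rule.get("ethertype_bitmask", 0xFFFF)):
        return False
    if "protocol" in rule and frame.get("protocol") != rule["protocol"]:
        return False
    for port in ("sport", "dport"):  # footnote 6: TCP, UDP or other protocol ports
        if port in rule and not masked_equal(frame.get(port, 0), rule[port], rule.get("port_bitmask", 0xFFFF)):
            return False
    return True

def first_match(acl: list, frame: dict):
    """Try rules in list order (new rules append to the end, per Command Usage)."""
    for action, rule in acl:
        if rule_matches(rule, frame):
            return action
    return None  # no rule matched; what the switch then does is not stated on this page

# Constructed ACL: block ARP from any station; allow IP only from the 00-E0-29 OUI on VLAN 10.
SAMPLE_ACL = [("deny", {"ethertype": ETHERTYPES["ARP"]}),
              ("permit", {"source": "00-E0-29-00-00-00", "source_bitmask": "FF-FF-FF-00-00-00",
                          "vid": 10, "ethertype": ETHERTYPES["IP"]})]
```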