CHAPTER 26 | Access Control Lists
MAC ACLs
DEFAULT SETTING
None
COMMAND MODE
MAC ACL
COMMAND USAGE
◆ New rules are added to the end of the list.
◆ The ethertype option can only be used to filter Ethernet II formatted packets.
◆ A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following:
  ■ 0800 - IP
  ■ 0806 - ARP
  ■ 8137 - IPX
EXAMPLE
This rule permits packets from any source MAC address to the destination
address 00-e0-29-94-34-de where the Ethernet type is 0800.
Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800
Console(config-mac-acl)#
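The following Python sketch is an added illustration, not part of the manual or the switch software. It evaluates the rule above against constructed, untagged frames to show why the ethertype option only filters Ethernet II packets: an IP packet carried in an 802.3 frame with LLC/SNAP has a length, not a type, in bytes 12-13. The function names, the sample source address and the assumption that the switch skips the ethertype rule for such frames are illustrative.

```python
import struct

ETHERTYPE_MIN = 0x0600  # IEEE 802.3: type/length values >= 0x0600 are EtherTypes

def parse_mac(text):
    """Convert the manual's 00-e0-29-94-34-de notation to 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split("-"))

def parse_rule(line):
    """Parse '{permit|deny} {any|host MAC} {any|host MAC} [ethertype HEX]' (no masks)."""
    tokens = line.split()
    rule = {"action": tokens[0], "src": None, "dst": None, "ethertype": None}
    i = 1
    for field in ("src", "dst"):
        if tokens[i] == "host":
            rule[field] = parse_mac(tokens[i + 1])
            i += 2
        elif tokens[i] == "any":
            i += 1
        else:
            raise ValueError("unsupported address form: " + tokens[i])
    if tokens[i:i + 1] == ["ethertype"]:
        rule["ethertype"] = int(tokens[i + 1], 16)
    return rule

def rule_matches(rule, frame):
    """Return True if an untagged Ethernet frame matches the parsed rule."""
    if len(frame) < 14:
        return False
    dst, src = frame[0:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if rule["src"] not in (None, src) or rule["dst"] not in (None, dst):
        return False
    if rule["ethertype"] is None:
        return True
    # Below 0x0600 the field is an 802.3 length, so there is no EtherType to
    # compare (assumption: the switch treats this as "no match" for the rule).
    return type_or_len >= ETHERTYPE_MIN and type_or_len == rule["ethertype"]

# Constructed sample data; only the destination address comes from the manual.
RULE = parse_rule("permit any host 00-e0-29-94-34-de ethertype 0800")
DST = parse_mac("00-e0-29-94-34-de")
SRC = parse_mac("02-00-00-00-00-01")
IP_HEADER = b"\x45" + bytes(19)
IPV4_FRAME = DST + SRC + b"\x08\x00" + IP_HEADER              # Ethernet II, IP
ARP_FRAME = DST + SRC + b"\x08\x06" + bytes(28)               # Ethernet II, ARP
SNAP_FRAME = (DST + SRC + b"\x00\x1c" +                       # 802.3 length = 28
              b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + IP_HEADER)  # LLC/SNAP, IP
WRONG_DST = parse_mac("00-e0-29-94-34-df") + SRC + b"\x08\x00" + IP_HEADER
```

Only IPV4_FRAME matches the rule. SNAP_FRAME carries the same IP header to the same destination but is not matched, so a policy that must cover non-Ethernet II traffic needs a rule without the ethertype option.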
RELATED COMMANDS
access-list mac (964)
Time Range (762)
mac access-group
This command binds a MAC ACL to a port. Use the no form to remove the ACL from the port.
SYNTAX
mac access-group acl-name {in | out} [time-range time-range-name] [counter]
acl-name – Name of the ACL. (Maximum length: 16 characters)
in – Indicates that this list applies to ingress packets.
out – Indicates that this list applies to egress packets.
time-range-name – Name of the time range. (Range: 1-30 characters)
counter – Enables counter for ACL statistics.
DEFAULT SETTING
None