Access Control Lists
3-71
3
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain all permit rules or all deny rules.
(Default: Permit rules)
• Source/Destination Address Type – Use “Any” to include all possible addresses,
“Host” to indicate a specific MAC address, or “MAC” to specify an address range
with the Address and Bitmask fields. (Options: Any, Host, MAC; Default: Any)
• Source/Destination MAC Address – Source or destination MAC address.
• Source/Destination MAC Bitmask – Hexidecimal mask for source or destination
MAC address.
• VID – VLAN ID. (Range: 1-4095)
• VID Bitmask – VLAN bitmask. (Range: 1-4095)
• Ethernet Type – This option can only be used to filter Ethernet II formatted
packets. (Range: 600-fff hex.)
A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the
more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
• Ethernet Type Bitmask – Protocol bitmask. (Range: 600-fff hex.)
• Packet Format – This attribute includes the following packet types:
- Any – Any Ethernet packet type.
- Untagged-eth2 – Untagged Ethernet II packets.
- Untagged-802.3 – Untagged Ethernet 802.3 packets.
- Tagged-eth2 – Tagged Ethernet II packets.
- Tagged-802.3 – Tagged Ethernet 802.3 packets.
Command Usage
Egress MAC ACLs only work for destination-mac-known packets, not for multicast,
broadcast, or destination-mac-unknown packets.
To Next Page
Loading...
