Configuration Guide Configuring ACL
ip access-list standard 1
10 permit 10.1.1.0 0.0.0.255
20 deny 11.1.1.0 0.0.0.255
sw1(config)#show access-group
ip access-group 1 out
Applied On interface GigabitEthernet 0/3
11.4.2 Configuring an MAC Extended ACL
Configuration Effect
Configure and apply an MAC extended ACL to an interface to control all incoming and outgoing IPv4 packets of this interface.
You can permit or deny the entry of specific L2 packets to a network to control access of users to network resources based
on L2 packets.
Notes
N/A
Configuration Steps
Configuring an MAC Extended ACL
(Mandatory) Configure an MAC extended ACL if you want to control users' access to network resources based on the
L2 packet header, for example, the MAC address of each user's PC.
You can configure this ACL on an access, an aggregate, or a core device based on the distribution of users. The MAC
extended ACL takes effect only on the local device, and does not affect other devices on the network.
Adding ACEs to an MAC Extended ACL
(Optional) An ACL may contain zero or multiple ACEs. If no ACE is configured, all incoming L2 Ethernet packets of the
device are denied by default.
Applying an MAC extended ACL
(Mandatory) Apply an MAC extended ACL to a specified interface if you want this ACL take effect.
You can apply an MAC extended ACL on a specified interface of an access, an aggregate, or a core device based on
the distribution of users.
Verification
Use the following methods to verify the configuration effects of the MAC extended ACL:
To Next Page
Loading...
Need help?
General
