Configuration Guide Configuring ACL
deny: Indicates that the ACE is a deny ACE.
any: Indicates that L2 packets sent from any host are filtered.
host src-mac-addr: Indicates that IP packets sent from a host with the specified source MAC address are
filtered.
any: Indicates that L2 packets sent to any host are filtered.
host dst-mac-addr: Indicates that IP packets sent to a host with the specified destination MAC address are
filtered.
ethernet-type: Indicates that L2 packets of the specified Ethernet type are filtered.
cos cos: Indicates that L2 packets with the specified class of service (cos) field in the outer tag are filtered.
inner cos: Indicates that L2 packets with the specified cos field in the inner tag are filtered.
time-range time-range-name: Indicates that this ACE is associated with a time range. The ACE takes effect
only within this time range. For details about the time range, see the configuration manual of the time range.
MAC extended ACL configuration mode
Run this command to add ACEs in MAC extended ACL configuration mode. The ACL can be a named or
numbered ACL.
Add ACEs to an MAC extended ACL in global configuration mode.
access-list acl-id { permit | deny } {any | host src-mac-addr } {any | host dst-mac-addr} [ethernet-type]
[cos cos [inner cos]] [ time-range tm-rng-name ]
acl-id: Indicates the ID of a numbered ACL. It uniquely identifies an ACL. The value range of acl-id is
700–799.
permit: Indicates that the ACE is a permit ACE.
deny: Indicates that the ACE is a deny ACE.
host src-mac-addr: Indicates that IP packets sent from a host with the specified source MAC address are
filtered. any: Indicates that L2 packets sent to any host are filtered.
host source: Indicates that MAC of the matching source sends Layer-2 packets to a host.
ethernet-type: Indicates that L2 packets of the specified Ethernet type are filtered.
cos cos: Indicates that L2 packets with the specified cos field in the outer tag are filtered.
inner cos: Indicates that L2 packets with the specified cos field in the inner tag are filtered.
time-range time-range-name: Indicates that this ACE is associated with a time range. The ACE takes effect
only within this time range. For details about the time range, see the configuration manual of the time range.
Global configuration mode
Run this command to add ACEs to a numbered MAC extended ACL in global configuration mode. It cannot
be used to add ACEs to a named MAC extended ACL.
Applying an MAC Extended ACL
mac access-group { acl-id | acl-name } { in | out }
To Next Page
Loading...
Need help?
General
