Access Control List Commands
Related Commands
permit, deny (MAC ACL) (4-111)
mac access-group (4-112)
show mac access-list (4-112)
permit, deny (MAC ACL)
This command adds a rule to a MAC ACL. The rule filters packets matching a
specified MAC source or destination address (i.e., physical layer address), or
Ethernet protocol type. Use the no form to remove a rule.
Syntax
[no] {permit | deny} {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [vid vid [vid-end]] [ethertype protocol [protocol-end]]
Note: The default is for Ethernet II packets.
• any – Any MAC source or destination address.
• host – A specific MAC address.
• source – Source MAC address.
• destination – Destination MAC address range with bitmask.
• address-bitmask [22] – Bitmask for MAC address (in hexadecimal format).
• vid – VLAN ID. (Range: 1-4094)
• vid-end – Upper bound of VID range. (Range: 1-4094)
• protocol – A specific Ethernet protocol number. (Range: 0-65535)
• protocol-end – Upper bound of protocol range. (Range: 0-65535)
Default Setting
None
Command Mode
MAC ACL
Command Usage
• New rules are added to the end of the list.
• The ethertype option can only be used to filter Ethernet II formatted packets.
• A detailed listing of Ethernet protocol types can be found in RFC 1060. A few
of the more common types include the following:
- 0800 - IP
- 0806 - ARP
- 8137 - IPX
22. For all bitmasks, “1” means care and “0” means ignore.
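The following Python model is an added example, not part of the manual or the switch's own code. It checks which frames a single rule would match by applying the bitmask convention from note 22 together with the vid and ethertype ranges; the address notation, the Rule class, the sample rule and frames, and the handling of non-Ethernet II frames are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

def mac_to_int(mac: str) -> int:
    # Separator style ('-' or ':') is an assumption; the page shows no address format.
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def masked_match(rule_addr: str, bitmask: str, frame_addr: str) -> bool:
    # Bitmask bit 1 = care (bits must be equal), bit 0 = ignore.
    mask = mac_to_int(bitmask)
    return (mac_to_int(rule_addr) & mask) == (mac_to_int(frame_addr) & mask)

@dataclass
class Rule:
    action: str                                  # "permit" or "deny"
    src: Optional[Tuple[str, str]] = None        # (address, bitmask); None = any
    dst: Optional[Tuple[str, str]] = None        # "host X" = (X, all-ones bitmask)
    vid: Optional[Tuple[int, int]] = None        # inclusive (vid, vid-end)
    ethertype: Optional[Tuple[int, int]] = None  # inclusive (protocol, protocol-end)

    def matches(self, src: str, dst: str, vid: int, ethertype: Optional[int]) -> bool:
        if self.src and not masked_match(self.src[0], self.src[1], src):
            return False
        if self.dst and not masked_match(self.dst[0], self.dst[1], dst):
            return False
        if self.vid and not self.vid[0] <= vid <= self.vid[1]:
            return False
        if self.ethertype:
            # ethertype=None models a frame that is not Ethernet II; treating it
            # as a non-match for an ethertype rule is an assumption.
            lo, hi = self.ethertype
            if ethertype is None or not lo <= ethertype <= hi:
                return False
        return True

# Constructed sample rule: deny ARP (0806) from one address prefix on VLANs 10-20.
SAMPLE_RULE = Rule("deny", src=("00-11-22-00-00-00", "ff-ff-ff-00-00-00"),
                   vid=(10, 20), ethertype=(0x0806, 0x0806))

def demo() -> list:
    bcast = "ff-ff-ff-ff-ff-ff"
    frames = [("00-11-22-aa-bb-cc", bcast, 10, 0x0806),   # all fields match
              ("00-11-23-aa-bb-cc", bcast, 10, 0x0806),   # a care bit differs
              ("00-11-22-aa-bb-cc", bcast, 30, 0x0806),   # VLAN outside 10-20
              ("00-11-22-aa-bb-cc", bcast, 10, 0x0800)]   # IP, not ARP
    return [SAMPLE_RULE.matches(*f) for f in frames]
```

Note that this "1 means care" convention is the inverse of the wildcard masks used on some other platforms, so a mask copied from such a configuration has to be inverted before it is reused here.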