Owner's Manual

ACL Commands
User Guidelines
ACLs on this system perform both access control and layer 2 field classification. To define Layer 2 access lists, use the mac access-list command.
ACLs cannot be removed when they are applied to an interface (using the service-acl command).
MAC named lists are used with VLAN maps and class maps.
Entering the mac access-list command enables the MAC-access list configuration mode.

Example
The following example creates a MAC ACL with the name "dell".
Console (config)# mac access-list dell
Console (config-mac-al)#

permit (MAC)
The permit mac-acl configuration mode command allows traffic if the conditions defined in the permit statement are matched.

Syntax
permit {any | {host source source-wildcard}} {any | {destination destination-wildcard}} [vlan vlan-id]
Source MAC address can be one of the following:
any—Packets received from any MAC address.
source source-wildcard—MAC address and wildcard for host from which the packet is sent. Specify the MAC address and wildcard using hexadecimal format (HH:HH:HH:HH:HH:HH) or XXXX.XXXX.XXXX.
Destination MAC address can be one of the following:
any—Packets sent to any MAC address.
destination destination-wildcard—MAC address and wildcard for host to which the packet is sent. Specify the MAC address and wildcard using hexadecimal format (HH:HH:HH:HH:HH:HH) or XXXX.XXXX.XXXX.
vlan vlan-id—The packet VLAN.

Default Configuration
This command has no default configuration.

Command Mode
Mac-ACL Configuration mode
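
A model of how an address and wildcard pair in the permit (MAC) syntax selects frames, given here as an added example that is not taken from the manual or the switch firmware. It assumes the common convention that a 1 bit in the wildcard means the matching address bit is ignored, which this page does not state; the function names, the rule and the frames are constructed for illustration.

```python
import re

FULL_MASK = (1 << 48) - 1  # a MAC address is 48 bits wide


def parse_mac(text):
    """Parse HH:HH:HH:HH:HH:HH or XXXX.XXXX.XXXX into a 48-bit integer."""
    if re.fullmatch(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}", text):
        return int(text.replace(":", ""), 16)
    if re.fullmatch(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}", text):
        return int(text.replace(".", ""), 16)
    raise ValueError(f"not in either accepted MAC format: {text!r}")


def field_matches(spec, mac):
    """spec is the keyword 'any' or an (address, wildcard) pair of strings."""
    if spec == "any":
        return True
    addr, wildcard = (parse_mac(s) for s in spec)
    # ASSUMPTION: wildcard bit 1 = ignore that bit, 0 = bit must be equal.
    care = ~wildcard & FULL_MASK
    return (parse_mac(mac) & care) == (addr & care)


def permit_matches(rule, frame):
    """True when source, destination and the optional VLAN all match."""
    if not field_matches(rule["src"], frame["src"]):
        return False
    if not field_matches(rule["dst"], frame["dst"]):
        return False
    vlan = rule.get("vlan")  # [vlan vlan-id] is optional in the syntax
    return vlan is None or vlan == frame["vlan"]


def evaluate(rule, frames):
    return [permit_matches(rule, f) for f in frames]


# Constructed rule: any source whose first three bytes are 00:1a:2b,
# any destination, VLAN 10. The two accepted formats are mixed on purpose.
RULE = {"src": ("00:1a:2b:00:00:00", "0000.00ff.ffff"), "dst": "any", "vlan": 10}

# Constructed frames (not captured traffic).
FRAMES = [
    {"src": "00:1a:2b:aa:bb:cc", "dst": "ff:ff:ff:ff:ff:ff", "vlan": 10},
    {"src": "001a.2c00.0001", "dst": "ff:ff:ff:ff:ff:ff", "vlan": 10},
    {"src": "00:1A:2B:00:00:01", "dst": "0011.2233.4455", "vlan": 20},
]

if __name__ == "__main__":
    print(evaluate(RULE, FRAMES))
```

Running a planned rule through a model like this before applying it shows how many hosts a wildcard actually admits and which frames a VLAN qualifier excludes.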