Administrator Guide

Layer 2 Switching Commands 279
Command Mode
Mac-Access-List Configuration mode
User Guidelines
The assign-queue and redirect parameters are only valid for permit
commands.
An implicit deny all condition is added by the system after the last MAC or
IP/IPv6 access group if no route-map is configured on the interface.
Every permit/deny rule that does not have a rate-limit parameter is assigned a
counter. If counter resources become exhausted, a warning is issued and the
rule is applied to the hardware without the counter.
If a permit|deny clause is entered with the same sequence number as an
existing rule, an error is displayed and the existing rule is not updated with
the new information.
Command History
Updated in 6.3.0.1 firmware. Secondary VLAN option added in 6.3.5 release.
Example
The following example configures a MAC ACL to deny traffic from MAC
address 0806.c200.0000.
console(config)#mac access-list extended DELL123
console(config-mac-access-list)#500 deny 0806.c200.0000 0000.0000.0000 any
ip access-group
Use the ip access-group command in Global and Interface Configuration
modes to apply an IP-based ACL on an interface or a group of interfaces.
Use the no ip access-group command to disable an IP-based ACL on an
interface or a group of interfaces.
Syntax
ip access-group name [in | out | control-plane] [seqnum]
no ip access-group name [in | out | control-plane]