Users Guide
Layer 2 Switching Commands 698
Example
The following example configures a MAC access list arp-list with a policy that
implements a simple policer for ARP packets coming from any of the hosts
listed in the access list. Apply the policy to an interface using the service-
policy in command in Interface Configuration mode.
console(config)#mac access-list extended arp-list
console(config-mac-access-list)#permit 00:01:02:03:04:05 0000.0000.0000 any
0x0806
console(config-mac-access-list)#permit 00:03:04:05:06:07 0000.0000.0000 any
0x0806
console(config-mac-access-list)#permit 00:03:04:05:06:08 0000.0000.0000 any
0x0806
console(config-mac-access-list)#permit 00:03:04:05:06:01 0000.0000.0000 any
0x0806
console(config-mac-access-list)#exit
console(config)#class-map match-any class-arp
console(config-classmap)#match protocol none
console(config-classmap)#match access-group name arp-list
console(config-classmap)#exit
console(config)#policy-map arp-limiter in
console(config-policy-map)#class class-arp
console(config-policy-classmap)#police-simple 1000 16 conform-action
transmit violate-action drop
console(config-policy-classmap)#exit
console(config-policy-map)#exit
match dstip
Use the match dstip command in Class-Map Configuration mode to add a
match condition based on the destination IP address of a packet.
NOTE: This command is not available on the N1500 Series switches.
Syntax
match dstip ipaddr ipmask
• ipaddr — Specifies a valid IP address.
• ipmask — Specifies a valid IP address bit mask. Note that even though this
parameter is similar to a standard subnet mask, it does not need to be
contiguous.