mac

ManualsBrandsip ManualsNetworkingipv6

411

412

413

414

415

416

417

418

419

420

Commands for ACL

413

standard IP access-list.

Parameters: <num> is the No. of access-list, 100-199; <sIpAddr> is the source IP

address, the format is dotted decimal notation; <sMask > is the reverse mask of source

IP, the format is dotted decimal notation.

Command Mode: Global mode

Default: No access-lists configured.

Usage Guide: When the user assign specific <num> for the first time, ACL of the serial

number is created, then the lists are added into this ACL.

Examples: Create a numeric standard IP access-list whose serial No. is 20, and permit

date packets with source address of 10.1.1.0/24 to pass, and deny other packets with

source address of 10.1.1.0/16.

Switch(config)#access-list 20 permit 10.1.1.0 0.0.0.255

Switch(config)#access-list 20 deny 10.1.1.0 0.0.255.255

36.6 access-list(mac extended)

Command: access-list <num> {deny | permit} {any-source-mac | {host-source-mac

<host_smac>} | {<smac> <smac-mask>}} {any-destination-mac |

{host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} [untagged-eth2 |

tagged-eth2 | untagged-802-3 | tagged-802-3]

no access-list <num>

Functions: Define an extended numeric MAC ACL rule, “no access-list <num>”

command deletes an extended numeric MAC access-list rule.

Parameters: <num> is the access-list No. which is a decimal’s No. from 1100-1199;

deny if rules are matching, deny access; permit if rules are matching, permit access;

<any-source-mac> any source address; <any-destination-mac> any destination

address; <host_smac>, <smac> source MAC address; <smac-mask> mask (reverse

mask) of source MAC address; <host_dmac> , <dmac> destination MAC address;

<dmac-mask> mask (reverse mask) of destination MAC address; untagged-eth2

format of untagged ethernet II packet; tagged-eth2 format of tagged ethernet II packet;

untagged-802-3 format of untagged ethernet 802.3 packet; tagged-802-3 format of

tagged ethernet 802.3 packet.

Command Mode: Global mode

Default Configuration: No access-list configured

Usage Guide: When the user assign specific <num> for the first time, ACL of the serial

number is created, then the lists are added into this ACL.

Examples: Permit tagged-eth2 with any source MAC addresses and any destination

MAC addresses and the packets pass.