mac
Commands for ACL
425
Command Mode: Name extended MAC access-list configuration mode
Default configuration: No access-list configured.
Example: The forward source MAC address is not permitted as 00-12-11-23-XX-XX of
802.3 data packet.
Switch(config)# mac-access-list extended macExt
Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff
any-destination-mac untagged-802-3
Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff any
tagged-802
36.26 permit | deny(mac-ip extended)
Command:
[no] {deny|permit}
{any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}}
{any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>
}} icmp{{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}}
{{<destination><destination-wildcard>}|any-destination|{host-destination
<destination-host-ip>}} [<icmp-type> [<icmp-code>]] [precedence <precedence>]
[tos <tos>][time-range<time-range-name>]
[no]{deny|permit}
{any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}}
{any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>
}} igmp{{<source><source-wildcard>}|any-source| {host-source<source-host-ip>}}
{{<destination><destination-wildcard>}|any-destination|{host-destination
<destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos
<tos>][time-range<time-range-name>]
[no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }| { <smac>
<smac-mask> }}{any-destination-mac|{host-destination-mac
<host_dmac> }|{ <dmac> <dmac-mask> }}tcp{{ <source>
<source-wildcard> }|any-source| {host-source <source-host-ip> }}[s-port { <port1>
| range <sPortMin> <sPortMax> }] {{ <destination> <destination-wildcard> } |
any-destination| {host-destination <destination-host-ip> }} [d-port { <port3> |
range <dPortMin> <dPortMax> }] [ack+fin+psh+rst+urg+syn] [precedence
<precedence> ] [tos <tos> ][time-range <time-range-name> ]