mac
Commands for ACL
428
access-list 100 deny tcp any any-destination
access-list 1100(used 0 time(s))
access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 14 2 0800
Displayed information
Explanation
access-list 10(used 1 time(s))
Number ACL10, 0 time to be used
access-list 10 deny any-source
Deny any IP packets to pass
access-list 100(used 1 time(s))
Nnumber ACL100, 1 time to be used
access-list 100 deny ip any-source
any-destination
Deny IP packet of any source IP address
and destination address to pass
access-list 100 deny tcp any-source
any-destination
Deny TCP packet of any source IP address
and destination address to pass
access-list 1100 permit any-source-mac
any-destination-mac tagged-eth2 14 2
0800
Permit tagged-eth2 with any source MAC
addresses and any destination MAC
addresses and the packets whose 15
th
and
16
th
byte is respectively 0x08 , 0x0 to pass.
36.28 show access-group
Command: show access-group in (interface {Ethernet | Ethernet IFNAME})
Functions: Display the ACL binding status on the port.
Parameters: IFNAME, Port name.
Default: None.
Command Mode: Admin and Configuration Mode.
Usage Guide: When not assigning interface names, all ACL tied to port will be revealed.
Examples:
Switch#show access-group
interface name: Ethernet 1/1
IP Ingress access-list used is 100, traffic-statistics Disable.
interface name: Ethernet1/2
IP Ingress access-list used is 1, packet(s) number is 11110.
Displayed information
Explanation
interface name: Ethernet 1/1
Tying situation on port Ethernet1/1
IP Ingress access-list used is
100
No. 100 numeric expansion ACL tied to entrance
of port Ethernet1/1
packet(s) number is 11110
Number of packets matching this ACL rule