Specifications

ACCESS-LIST 12 - 29
Usage Guidelines
The permit command in the MAC ACL allows traffic based on layer 2 (data-link layer) information. A MAC access list
permits traffic from a source MAC address or any MAC address. It also has an option to allow traffic from a list of MAC
addresses (based on the source mask).
The MAC access list can be configured to allow traffic based on VLAN information, or Ethernet type. Common types
include:
• ARP
• WISP
• IP
• 802.1q
By default, the wireless controller does not allow layer 2 traffic to pass through the interface. To adopt an access point
through an interface, configure an ACL to allow the Ethernet type WISP.
Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the
802.1p priority value is marked in the dot1q frame.
Whenever the interface receives a packet, its content is checked against all the ACEs in the ACL. It is marked based on
the ACL's configuration.
Examples
rfs7000-37FABE(config-mac-acl-test)#show context
mac access-list test
rfs7000-37FABE(config-mac-acl-test)#permit host 11-22-33-44-55-66 any log mark 8021p 3 rule-precedence 600
rfs7000-37FABE(config-mac-acl-test)#permit host 22-33-44-55-66-77 host 11-22-33-44-55-66 type ip log rule-precedence 610
rfs7000-37FABE(config-mac-acl-test)#show context
mac access-list test
permit host 11-22-33-44-55-66 any log mark 8021p 3 rule-precedence 600
permit host 22-33-44-55-66-77 host 11-22-33-44-55-66 type ip log rule-precedence 610
NOTE: To apply an IP based ACL to an interface, a MAC access list entry is mandatory to
allow ARP. A MAC ACL always takes precedence over IP based ACLs.
Related Commands
no    Resets values or disables the MAC access permit command
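
The following audit script is an added example, not part of the original guide or the vendor's tooling. It parses the show context output above and reports whether any-to-any traffic of the ARP and WISP types is permitted, as the usage guidelines and the NOTE require. Assumptions: the lowest rule-precedence is evaluated first with first match winning, an ACE without a type keyword matches every Ethernet type, and the function names are hypothetical.

```python
import re

MAC = re.compile(r"^[0-9a-f]{2}(-[0-9a-f]{2}){5}$", re.I)
OPERANDS = {"log": 0, "type": 1, "mark": 2, "rule-precedence": 1}  # words after each keyword

def _endpoint(tok, i):
    """Read 'any', 'host <MAC>' or '<MAC> <MASK>' (mask form assumed) starting at tok[i]."""
    if tok[i] == "any":
        return "any", i + 1
    mac = tok[i + 1] if tok[i] == "host" else tok[i]
    if not MAC.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return (mac if tok[i] == "host" else f"{mac}/{tok[i + 1]}").lower(), i + 2

def parse_acl(text):
    """Parse the permit/deny lines of 'show context' output into ACE dicts."""
    aces = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # skips the 'mac access-list <name>' header
        src, i = _endpoint(tok, 1)
        dst, i = _endpoint(tok, i)
        ace = {"action": tok[0], "src": src, "dst": dst}
        while i < len(tok):
            if tok[i] not in OPERANDS:
                raise ValueError(f"unrecognised keyword: {tok[i]!r}")
            n = OPERANDS[tok[i]]
            ace[tok[i]] = [t.lower() for t in tok[i + 1:i + 1 + n]]
            i += 1 + n
        aces.append(ace)
    # Assumption: the lowest rule-precedence is evaluated first and the first match wins.
    return sorted(aces, key=lambda a: int(a["rule-precedence"][0]))

def audit(text):
    """List the Ethernet types (ARP, WISP) that no any-to-any ACE permits."""
    missing = []
    for ethertype in ("arp", "wisp"):
        # Assumption: an ACE without 'type' matches every Ethernet type.
        hit = next((a for a in parse_acl(text) if a["src"] == a["dst"] == "any"
                    and a.get("type", [ethertype]) == [ethertype]), None)
        if hit is None or hit["action"] != "permit":
            missing.append(ethertype)
    return missing

# The ACL shown in the page's 'show context' output.
PAGE_ACL = ("mac access-list test\n"
            " permit host 11-22-33-44-55-66 any log mark 8021p 3 rule-precedence 600\n"
            " permit host 22-33-44-55-66-77 host 11-22-33-44-55-66 type ip log rule-precedence 610\n")
```

Calling audit(PAGE_ACL) returns both types, because the example ACL only permits traffic from specific hosts; the check covers any-to-any entries only and ignores host-specific ones.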