24-Port Fast Ethernet Switch Management Guide
C
OMMAND
 L
INE
 I
NTERFACE
4-145
Example
This example shows how to create an Ingress MAC ACL and bind it to a 
port. You can then see that the order of the rules have been changed by the 
mask.
This example creates an Egress MAC ACL.
Console(config)#access-list mac M4
Console(config-mac-acl)#permit any any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 
ff-ff-ff-ff-ff-ff any vid 3
Console(config-mac-acl)#end
Console#show access-list
MAC access-list M4:
 permit any any
 deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M4 in
Console(config-if)#end
Console#show access-list
MAC access-list M4:
 deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
 permit any any
MAC ingress mask ACL:
 mask pktformat host any vid
Console#
Console(config)#access-list mac M5
Console(config-mac-acl)#deny tagged-802.3 host 00-11-11-11-11-11 any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 
ff-ff-ff-ff-ff-ff any vid 3 ethertype 0806
Console(config-mac-acl)#end
Console#show access-list
MAC access-list M5:
 deny tagged-802.3 host 00-11-11-11-11-11 any
 deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806
Console(config)#access-list mac mask-precedence out
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/5
Console(config-if)#mac access-group M5 out
Console(config-if)#end
Console#show access-list
MAC access-list M5:
 deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806
 deny tagged-802.3 host 00-11-11-11-11-11 any
MAC ingress mask ACL:
 mask pktformat host any vid ethertype
Console#










