Gigabit Ethernet Switch Management Guide
ACCESS CONTROL LIST COMMANDS
permit, deny (MAC ACL)
This command adds a rule to a MAC ACL. The rule filters packets 
matching a specified MAC source or destination address (i.e., physical layer 
address), or Ethernet protocol type. Use the no form to remove a rule.
Syntax
[no] {permit | deny} {any | host source | source address-bitmask}
{any | host destination | destination address-bitmask} [vid vid vid-bitmask]
[ethertype protocol [protocol-bitmask]]
Note: The default is for Ethernet II packets.
[no] {permit | deny} tagged-eth2
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
[vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]]
[no] {permit | deny} untagged-eth2
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
[ethertype protocol [protocol-bitmask]]
[no] {permit | deny} tagged-802.3
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask} [vid vid vid-bitmask]
[no] {permit | deny} untagged-802.3
{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}
• tagged-eth2 – Tagged Ethernet II packets.
• untagged-eth2 – Untagged Ethernet II packets.
• tagged-802.3 – Tagged Ethernet 802.3 packets.
• untagged-802.3 – Untagged Ethernet 802.3 packets.
• any – Any MAC source or destination address. 
• host – A specific MAC address.
• source – Source MAC address.
• destination – Destination MAC address range with bitmask.
• address-bitmask* – Bitmask for MAC address (in hexadecimal format).
• vid – VLAN ID. (Range: 1-4095)
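Added example (not from this guide or the switch vendor): a small Python model of how a MAC ACL rule built from the parameters above selects frames. It assumes that a 1 bit in a bitmask means "compare this bit" and a 0 bit means "ignore", and that rules are checked in order with the first match deciding; this page states neither, and all function names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

ANY = (0, 0)                  # value/bitmask pair that matches every address
FULL_MAC = 0xFFFFFFFFFFFF     # all-ones bitmask, i.e. the "host" keyword

def mac(text):
    """Parse 'xx-xx-xx-xx-xx-xx' (or ':'-separated) into a 48-bit integer."""
    digits = text.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {text!r}")
    return int(digits, 16)

def _hit(spec, value):
    """spec is (wanted, bitmask) or None; only bits set in bitmask are compared."""
    if spec is None:          # field not present in the rule
        return True
    if value is None:         # rule needs the field, frame lacks it (e.g. untagged)
        return False
    wanted, mask = spec
    return (value & mask) == (wanted & mask)

@dataclass
class Rule:
    action: str               # "permit" or "deny"
    src: tuple = ANY          # (source, address-bitmask)
    dst: tuple = ANY          # (destination, address-bitmask)
    vid: tuple = None         # (vid, vid-bitmask)
    ethertype: tuple = None   # (protocol, protocol-bitmask)

    def matches(self, frame):
        return (_hit(self.src, frame["src"]) and _hit(self.dst, frame["dst"])
                and _hit(self.vid, frame.get("vid"))
                and _hit(self.ethertype, frame.get("ethertype")))

def evaluate(rules, frame):
    """Action of the first matching rule, or None when no rule matches."""
    return next((r.action for r in rules if r.matches(frame)), None)

def frame(src, ethertype, vid=None, dst="ff-ff-ff-ff-ff-ff"):
    return {"src": mac(src), "dst": mac(dst), "ethertype": ethertype, "vid": vid}

# Constructed ACL: one trusted host, then block IPv4 from the rest of its
# address block (upper 24 bits compared), then allow anything tagged VLAN 10.
ACL = [
    Rule("permit", src=(mac("00-11-22-33-44-55"), FULL_MAC)),
    Rule("deny", src=(mac("00-11-22-00-00-00"), mac("ff-ff-ff-00-00-00")),
         ethertype=(0x0800, 0xFFFF)),
    Rule("permit", vid=(10, 0xFFF)),
]
```

Rule order matters in this model: the trusted host is permitted only because its rule precedes the broader deny that also covers its address.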










