Owner's manual
91
Chapter 5 - Command Line Interface
and enter access-list conguration mode.
CLI Syntax
: ip access-list (standard | extended) ACLNAME
Example
: (cong)# ip access-list extended ip_acl_1
5.3.21.3 deny any host
Use the deny MAC access list configuration command on the switch to
prevent non-IP trafc from being forwarded if the conditions are matched.
Use the no form of this command to remove a deny condition from the
named MAC access list.
CLI Syntax
: deny any host MACADDR [IFNAME]
Example
: (cong-mac-acl)# deny any host c2f3.220a.12f4 gi1/0/2
5.3.21.4 lter conditions
This command specifies one or more conditions denied or permitted to
decide if the packet is forwarded or dropped.
CLI Syntax
: (permit|deny) any any
Example
: (cong-mac-acl)# permit any any
5.3.21.5 lter attach
This command attaches a MAC or IP access-list to an interface.
CLI Syntax
: mac access-group ACLNAME in
Example
: ASUS# interface gi1/0/1
(cong-if)# mac access-group mac_acl_1 in
5.3.22 Port Access Control
5.3.22.1 dot1x guest-vlan
Use the dot1x guest-vlan interface conguration command on the switch to
specify an active VLAN as an 802.1X guest VLAN. Use the no form of this
command to return to the default setting.
CLI Syntax
: dot1x guest-vlan <1-3000>
Example
: (cong)# interface gi1/0/1