Command Line Reference Guide
Access Control Lists (ACL) | 233
Command
History
Example FTOS#show mac accounting access-list mac-ext interface po 1
Extended mac access-list mac-ext on GigabitEthernet 0/11
seq 5 permit host 00:00:00:00:00:11 host 00:00:00:00:00:19 count (393794576 packets)
seq 10 deny host 00:00:00:00:00:21 host 00:00:00:00:00:29 count (89076777 packets)
seq 15 deny host 00:00:00:00:00:31 host 00:00:00:00:00:39 count (0 packets)
seq 20 deny host 00:00:00:00:00:41 host 00:00:00:00:00:49 count (0 packets)
seq 25 permit any any count (0 packets)
Extended mac access-list mac-ext on GigabitEthernet 0/12
seq 5 permit host 00:00:00:00:00:11 host 00:00:00:00:00:19 count (57589834 packets)
seq 10 deny host 00:00:00:00:00:21 host 00:00:00:00:00:29 count (393143077 packets)
seq 15 deny host 00:00:00:00:00:31 host 00:00:00:00:00:39 count (0 packets)
seq 20 deny host 00:00:00:00:00:41 host 00:00:00:00:00:49 count (0 packets)
seq 25 permit any any count (0 packets)
FTOS#
Usage
Information
The ACL hit counters in this command increment the counters for each matching rule, not just the first
matching rule.
Related
Commands
Standard MAC ACL Commands
When an access-list is created without any rule and then applied to an interface, ACL behavior reflects
implicit permit.
c and s platforms support Ingress MAC ACLs only.
The following commands configure standard MAC ACLs:
• deny
• mac access-list standard
• permit
• seq
deny
c e s
Configure a filter to drop packets with a the MAC address specified.
Syntax
deny {any | mac-source-address [mac-source-address-mask]} [count [byte]] [log] [monitor]
To remove this filter, you have two choices:
•Use the no seq sequence-number command syntax if you know the filter’s sequence number or
Version 8.1.1.0 Introduced on E-Series ExaScale
Version 7.8.1.0 Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to
16 characters long.
Version 7.6.1.0 Support added for S-Series
Version 7.5.1.0 Support added for C-Series
pre-Version 6.1.1.0 Introduced for E-Series
show mac accounting destination Display destination counters for Layer 2 traffic (available on
physical interfaces only).
Note: See also Commands Common to all ACL Types and Common MAC Access List Commands.