Quick Reference Guide
ACL Commands | 385
A rule may either deny or permit traffic according to the specified classification fields. At a minimum,
the source and destination MAC value must be specified, each of which may be substituted using the
keyword any to indicate a match on any value in that field. The remaining command parameters are all
optional, but the most frequently used parameters appear in the same relative order as shown in the
command format.
The Ethertype
(ethertypekey) may be specified as either a keyword or a four-digit hexadecimal value
from 0x0600-0xFFFF. The currently supported ethertypekey values are: appletalk, arp, ibmsna,
ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, and rarp. Each of these
translates into its equivalent Ethertype value(s), as shown in Table 21-26.
Mode
Mac Access List Config
Related
Commands
Note: The 'no' form of this command is not supported, as the rules within an ACL cannot be
deleted individually. Rather, the entire ACL must be deleted and re-specified.
Table 21-26. Ethertype Keyword and 4-digit Hexadecimal Value
Ethertype Keyword Corresponding Value
appletalk 0x809B
arp 0x0806
ibmsna 0x80D5
ipv4 0x0800
ipv6 0x86DD
ipx 0x8037
mplsmcast 0x8848
mplsucast 0x8847
netbios 0x8191
novell 0x8137, 0x8138
pppoe 0x8863, 0x8864
rarp 0x8035
interface range Defines an interface range and accesses the Interface Range mode
mac access-group (port
channel)
In the Interface Port Channel Config mode, attaches a MAC ACL to the
selected port channel
mac access-group
Attaches a specific MAC Access Control List (ACL) identified by
name to
an interface in the ingress direction
mac access-list extended Creates a MAC ACL.
show mac access-lists
Displays the rules defined for the MAC access list specified by
name.