Quick Reference Guide
ACL Commands 109
DELL CONFIDENTIAL – PRELIMINARY 5/15/12 – FOR PROOF ONLY
• cos-wildcard — Specifies wildcard bits to be applied to the CoS.
• eth-type — Specifies the etherType of the packet in hexadecimal format. (Range: 0 - 05dd-ffff {hex})
Default Configuration
No MAC ACL is defined.
Command Mode
MAC-Access List Configuration mode.
User Guidelines
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
Example
The following example shows how to create a MAC ACL with permit rules.
Console(config)# mac access-list macl-acl1
Console(config-mac-al)# permit 06:a6 00:00:00:00:00:00 any vlan 6
deny (MAC)
The deny MAC-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.
Syntax
• deny [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type]
• disable-port — Indicates that the port is disabled if the condition is matched.
• source — Specifies the MAC address of the host from which the packet was sent.
• source-wildcard — Specifies wildcard bits to the source MAC address by placing 1s in bit positions to be ignored.
• any — Specify a MAC address and mask. For example, to set 00:00:00:00:10:XX use the MAC address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF.
• destination — Specifies the MAC address of the host to which the packet is being sent.
• destination-wildcard — Specifies wildcard bits to the destination MAC address by placing 1s in bit positions to be ignored.
• vlan-id — Specifies the VLAN ID of the packet. (Range: 1 - 4093)
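The wildcard matching and implied deny-any-any behaviour described above, modelled as an added Python example (not Dell code or switch syntax). The rule tuples, function names and sample ACL are constructed for illustration, and first-match evaluation from the top of the list is assumed.

```python
# Added illustration of MAC ACL semantics; names and rule layout are hypothetical.
MASK48 = 0xFFFFFFFFFFFF

def mac_to_int(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' to a 48-bit integer."""
    parts = mac.split(":")
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        raise ValueError(f"not a 6-octet MAC address: {mac!r}")
    return int("".join(p.zfill(2) for p in parts), 16)

def field_matches(spec, mac):
    """spec is 'any' or (address, wildcard). Wildcard 1-bits are ignored."""
    if spec == "any":
        return True
    addr, wildcard = (mac_to_int(x) for x in spec)
    care = ~wildcard & MASK48  # bits that must be equal
    return (mac_to_int(mac) & care) == (addr & care)

def evaluate(acl, src, dst, vlan=None):
    """Return 'permit' or 'deny' for one frame (assumed first-match order)."""
    if not acl:
        return "permit"  # no ACE defined yet: all packets are permitted
    for action, src_spec, dst_spec, rule_vlan in acl:
        if (field_matches(src_spec, src)
                and field_matches(dst_spec, dst)
                and (rule_vlan is None or rule_vlan == vlan)):
            return action
    return "deny"  # implied deny-any-any at the end of the list

# Constructed sample ACL: (action, source, destination, vlan)
SAMPLE_ACL = [
    # Deny every source in 00:00:00:00:10:XX (address plus wildcard, as on this page)
    ("deny", ("00:00:00:00:10:00", "00:00:00:00:00:ff"), "any", None),
    # Permit anything else, but only on VLAN 6
    ("permit", "any", "any", 6),
]

if __name__ == "__main__":
    dst = "aa:bb:cc:dd:ee:ff"  # constructed destination address
    for src, vlan in [("00:00:00:00:10:7f", 6),
                      ("00:00:00:00:11:7f", 6),
                      ("00:00:00:00:11:7f", 7)]:
        print(src, "vlan", vlan, "->", evaluate(SAMPLE_ACL, src, dst, vlan))
```

The third frame matches no ACE and is dropped by the implied deny, which is why a list containing only narrow permit rules blocks all other traffic once it is bound.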










