User Guidelines
ACLs on this system perform both access control and layer 2 field classification. To define
Layer 2 access lists, the mac access-list command should be used.
ACLs cannot be removed when they are applied to an interface (using service-acl command).
MAC named lists are used with VLAN maps and class maps.
Entering the mac access-list command enables the MAC-access list configuration mode.
Example
The following example creates a MAC ACL with the name "dell".
Console (config)# mac access-list dell
Console (config-mac-al)#
permit (MAC)
The permit mac-acl configuration mode command allows traffic if the conditions defined in the
permit statement are matched.
Syntax
permit {any | {host source source-wildcard}} {any | {destination destination-wildcard}}
[vlan vlan-id]
•
Source MAC address can be one of the following:
–
any—Packets received from any MAC address.
–
source source-wildcard—MAC address and wildcard for host from which the packet is
sent. Specify the MAC address and wildcard using hexadecimal format
(HH:HH:HH:HH:HH:HH) or XXXX.XXXX.XXXX.
•
Destination MAC address can be one of the following:
–
any—Packets sent to any MAC address.
–
destination destination-wildcard—MAC address and wildcard for host to which the
packet is sent. Specify the MAC address and wildcard using hexadecimal format
(HH:HH:HH:HH:HH:HH) or XXXX.XXXX.XXXX.
•
vlan vlan-id—The packet VLAN.
Default Configuration
This command has no default configuration.
Command Mode
Mac-ACL Configuration mode
81
ACL Commands