Creating Named Mac Extended Acls - Cisco Catalyst 3750 Software Configuration Manual

Metro switch
Chapter 25
Configuring Network Security with ACLs
A log message for the same sort of packet using the log keyword does not include the input interface information:
00:05:47:%SEC-6-IPACCESSLOGDP:list inputlog permitted icmp 10.1.1.10 -> 10.1.1.61 (0/0), 1 packet

Creating Named MAC Extended ACLs

You can filter non-IPv4 traffic on a VLAN or on a Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named ACLs.
You cannot apply named MAC extended ACLs to Layer 3 interfaces.
Note: For more information about the non-IPv4 protocols supported in the mac access-list extended command, refer to the command reference for this release.
Note: Though visible in the command-line help strings, appletalk is not supported as a matching condition for the deny and permit MAC access-list configuration mode commands.
Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: mac access-list extended name
Purpose: Define an extended MAC access list using a name.

Step 3
Command: {deny | permit} {any | host source MAC address | source MAC address mask} {any | host destination MAC address | destination MAC address mask} [type mask | lsap lsap mask | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp | 0-65535] [cos cos]
Purpose: In extended MAC access-list configuration mode, specify whether to permit or deny any source MAC address, a source MAC address with a mask, or a specific host source MAC address, combined with any destination MAC address, a destination MAC address with a mask, or a specific host destination MAC address.
(Optional) You can also enter these options:
type mask—An arbitrary EtherType number of a packet with Ethernet II or SNAP encapsulation in decimal, hex, or octal, with an optional mask of don't-care bits applied to the EtherType before testing for a match.
lsap lsap mask—An LSAP number of a packet with 802.2 encapsulation in decimal, hex, or octal, with an optional mask of don't-care bits.
aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp—A non-IP protocol.
cos cos—An IEEE 802.1p class of service number from 0 to 7 used to set priority.

Step 4
Command: end
Purpose: Return to privileged EXEC mode.

78-15870-01
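An added example, not from the Cisco guide, that simulates how the switch walks a named MAC extended ACL built with the Step 3 command: the first matching entry wins, mask bits that are set are don't-care bits, and a frame that matches no entry hits the implicit deny at the end of the list. The ACL and frames are constructed; the EtherType value 0x6003 used for DECnet Phase IV is an assumption drawn from the public IEEE assignments, not from this page.

```python
# Added example (not Cisco code): first-match evaluation of a named MAC extended ACL.
from dataclasses import dataclass
from typing import Optional

def mac_to_int(mac: str) -> int:
    """Parse Cisco dotted notation (hhhh.hhhh.hhhh) into an integer."""
    return int(mac.replace(".", ""), 16)

@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    src: str                         # "any", "host hhhh.hhhh.hhhh" or "hhhh.hhhh.hhhh mask"
    dst: str                         # same forms as src
    ethertype: Optional[int] = None  # EtherType to match (the "type" option), or None
    etype_mask: int = 0              # don't-care bits applied to the EtherType
    cos: Optional[int] = None        # 802.1p CoS 0-7 (the "cos" option), or None

def _mac_matches(spec: str, mac: str) -> bool:
    parts = spec.split()
    if parts == ["any"]:
        return True
    if parts[0] == "host":           # exact match on a single address
        return mac_to_int(parts[1]) == mac_to_int(mac)
    addr, mask = (mac_to_int(p) for p in parts)   # set mask bits are don't-care bits
    care = ~mask & 0xFFFFFFFFFFFF
    return (mac_to_int(mac) & care) == (addr & care)

def _matches(ace: Ace, src: str, dst: str, ethertype: int, cos: int) -> bool:
    if not (_mac_matches(ace.src, src) and _mac_matches(ace.dst, dst)):
        return False
    if ace.ethertype is not None:
        care = ~ace.etype_mask & 0xFFFF
        if (ethertype & care) != (ace.ethertype & care):
            return False
    if ace.cos is not None and cos != ace.cos:
        return False
    return True

def evaluate(acl: list, src: str, dst: str, ethertype: int, cos: int = 0) -> str:
    """Return the action of the first matching entry; an unmatched frame is denied."""
    for ace in acl:
        if _matches(ace, src, dst, ethertype, cos):
            return ace.action
    return "deny"   # implicit deny at the end of every MAC ACL

# Constructed ACL (assumed EtherType 0x6003 = DECnet Phase IV):
MAC1 = [
    Ace("deny", "any", "any", ethertype=0x6003),            # deny any any decnet-iv
    Ace("permit", "0000.0c00.0000 0000.00ff.ffff", "any"),  # permit one OUI block
    Ace("permit", "any", "any", cos=5),                      # permit any any cos 5
]
```

Frames from outside the OUI block with a CoS other than 5 fall through all three entries and are dropped by the implicit deny, which is why a closing "permit any any" is needed when the ACL is meant only to block specific protocols.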
Catalyst 3750 Metro Switch Software Configuration Guide
Creating Named MAC Extended ACLs
25-25
