Cisco ASA Series CLI Configuration Manual page 575

Software version 9.0 for the services module

Chapter 1
Adding an EtherType Access List
Step 1
Create an access list by adding an ACE and applying an access list name, as shown in the "Adding EtherType Access Lists" section on page 1-3.
Step 2
Apply the access list to an interface. (See the "Configuring Access Rules" section on page 1-7 for more information.)
Adding EtherType Access Lists
To configure an access list that controls traffic based upon its EtherType, perform the following steps:
Detailed Steps
Command
access-list access_list_name ethertype {deny | permit} {ipx | bpdu | mpls-unicast | mpls-multicast | any | hex_number}
Example:
hostname(config)# access-list ETHER ethertype permit ipx
Purpose
Adds an EtherType ACE.
The access_list_name argument lists the name or number of an access list.
When you specify an access list name, the ACE is added to the end of the
access list. Enter the access_list_name in upper case letters so that the
name is easy to see in the configuration. You might want to name the access
list for the interface (for example, INSIDE) or for the purpose (for
example, MPLS or PIX).
The permit keyword permits access if the conditions are matched. deny
denies access.
The ipx keyword specifies access to IPX.
The bpdu keyword specifies access to bridge protocol data units, which are
allowed by default.
The deny keyword denies access if the conditions are matched. If an
EtherType access list is configured to deny all, all Ethernet frames are
discarded. Only physical protocol traffic, such as auto-negotiation, is still
allowed.
The mpls-multicast keyword specifies access to MPLS multicast.
The mpls-unicast keyword specifies access to MPLS unicast.
The any keyword specifies access to any traffic.
The hex_number argument indicates any EtherType that can be identified
by a 16-bit hexadecimal number greater than or equal to 0x600. (See RFC
1700, "Assigned Numbers," at http://www.ietf.org/rfc/rfc1700.txt for a list
of EtherTypes.)
Note
To remove an EtherType ACE, enter the no access-list command
with the entire command syntax string as it appears in the
configuration.
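The following Python sketch is an added example, not part of the Cisco guide. It checks EtherType ACE lines against the syntax above (keyword set, 16-bit hex number of at least 0x600), flags a deny any entry, and builds the no form used for removal. The function names, the sample configuration, and the requirement that hex numbers carry a 0x prefix are assumptions made for the example.

```python
import re

# Keywords from the command syntax on this page; anything else must be a hex number.
KEYWORDS = {"ipx", "bpdu", "mpls-unicast", "mpls-multicast", "any"}
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+ethertype\s+(permit|deny)\s+(\S+)$")
HEX_RE = re.compile(r"^0x[0-9a-fA-F]{1,4}$")  # assumption: hex is written with a 0x prefix

def parse_ace(line):
    """Return (name, action, match) for a valid EtherType ACE; raise ValueError otherwise."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError("not an EtherType ACE: %r" % line)
    name, action, match = m.groups()
    if match not in KEYWORDS:
        if not HEX_RE.match(match):
            raise ValueError("unknown keyword or malformed hex number: %r" % match)
        if int(match, 16) < 0x600:
            raise ValueError("EtherType %s is below 0x600" % match)
    return name, action, match

def audit(config):
    """Return (line, finding) pairs for every EtherType ACE that needs attention."""
    findings = []
    for line in map(str.strip, config.splitlines()):
        if not re.match(r"^access-list\s+\S+\s+ethertype\b", line):
            continue  # other access list types are out of scope here
        try:
            _, action, match = parse_ace(line)
        except ValueError as exc:
            findings.append((line, str(exc)))
            continue
        if (action, match) == ("deny", "any"):
            findings.append((line, "deny any discards all Ethernet frames"))
    return findings

def removal_command(line):
    """Build the 'no' form, which repeats the whole ACE as it appears in the configuration."""
    parse_ace(line)  # refuse to build a removal for a line that is not a valid ACE
    return "no " + " ".join(line.split())

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
access-list ETHER ethertype permit ipx
access-list ETHER ethertype permit 0x8863
access-list ETHER ethertype permit 0x5dc
access-list INSIDE ethertype deny any
access-list OUT extended permit ip any any
"""
```

Calling audit(SAMPLE) reports the 0x5dc entry (below 0x600) and the deny any entry, and skips the extended access list line.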
Cisco ASA Series CLI Configuration Guide
Configuring EtherType Access Lists