Table of Contents
Advertisement
4
Command Line Interface
• inner vlan eth-type — The inner VLAN of a double tagged packet.
Default Setting
No MAC ACL is defined.
Command Mode
MAC-Access List Configuration mode
Command Usage
Before an Access Control Element (ACE) is added to an ACL, all packets are
permitted. After an ACE is added, an implied
the end of the list and those packets that do not match the conditions defined
in the permit statement are denied.
If the VLAN ID is specified, the policy map cannot be connected to the VLAN
interface.
The inner-vlan field can be assigned only on:
• Fast Ethernet customer interfaces (the port mode is customer).
• Service provider interfaces when ALL the traffic is double tagged.
Example
The following example shows how to create a MAC ACL with permit rules.
Console(config)#
Console(config-mac-al)#
Related Commands
mac access-list
deny (MAC)
show access-lists
deny (MAC)
The
MAC-Access List Configuration mode command denies traffic if the
deny
conditions defined in the deny statement match.
destination
deny
[
deny
disable-port
destination- wildcard}}[
[inner-vlan vlan id]
Parameters
• disable-port — Indicates that the port is disabled if the statement is deny.
• source — Specifies the MAC address of the host from which the packet was
sent.
• source-wildcard — (Optional for the first type) Specifies wildcard bits by
placing 1s in bit positions to be ignored.
• destination — Specifies the MAC address of the host to which the packet is
308
mac access-list
permit
6:6:6:6:6:6 0:0:0:0:0:0
] {
| {source source-wildcard} {
any
vlan-id] [
vlan
deny-any-any
macl-acl1
any
cos cos-wildcard] [
cos
condition exists at
any vlan
6
| {destination
eth-type]
ethtype
Hide quick links:
Advertisement
Table of Contents
