Default Configuration
No MAC ACL is defined.
Command Mode
MAC-Access List Configuration mode.
User Guidelines
•
Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE
is added, an implied deny-any-any condition exists at the end of the list and those packets that do not
match the conditions defined in the permit statement are denied.
•
If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.
Example
The following example shows how to create a MAC ACL with permit rules.
Console(config)# mac access-list macl-acl1
Console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6
deny (MAC)
The deny MAC-Access List Configuration mode command denies traffic if the conditions defined in the
deny statement match.
Syntax
•
deny [disable-port] {any | {source source-wildcard} {any | {destination destination- wildcard}}[vlan
vlan-id] [cos cos cos-wildcard] [ethtype eth-type] [inner-vlan vlan-id]
•
disable-port — Indicates that the port is disabled if the condition is matched.
•
source — Specifies the MAC address of the host from which the packet was sent.
•
source-wildcard — Specifies wildcard bits to the source MAC address by placing 1s in bit positions
to be ignored.
•
any — Specify a MAC address and mask. For example, to set 00:00:00:00:10:XX use the Mac
address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF.
•
destination — Specifies the MAC address of the host to which the packet is being sent.
•
destination-wildcard — Specifies wildcard bits to the destination MAC address by placing 1s in bit
positions to be ignored.
•
vlan-id — Specifies the vlan id of the packet. (Range: 1 - 4094)
81
ACL Commands