Cisco Catalyst 3750 Command Reference Manual page 231

Chapter 2 Catalyst 3750 Switch Cisco IOS Commands
Usage Guidelines
You enter MAC-access list configuration mode by using the
configuration command.
If you use the host keyword, you cannot enter an address mask; if you do not use the any or host
keywords, you must enter an address mask.
After an access control entry (ACE) is added to an access control list, an implied deny-any-any
condition exists at the end of the list. That is, if there are no matches, the packets are denied. However,
before the first ACE is added, the list permits all packets.
For more information about MAC named extended access lists, refer to the software configuration guide
Note
for this release.
Examples
This example shows how to define the MAC name extended access list to allow NETBIOS traffic from
any source to MAC address 00c0.00a0.03fa. Traffic matching this list is allowed.
Switch(config-ext-macl)# permit any host 00c0.00a0.03fa netbios
This example shows how to remove the permit condition from the MAC name extended access list:
Switch(config-ext-macl)# no permit any 00c0.00a0.03fa 0000.0000.0000 netbios
This example permits all packets with Ethertype 0x4321:
Switch(config-ext-macl)# permit any any 0x4321 0
You can verify your settings by entering the show access-lists privileged EXEC command.
Related Commands Command
deny
mac access-list extended
show access-lists
78-16181-01
mac access-list extended
Description
Denies non-IP traffic to be forwarded if conditions are matched.
Creates an access list based on MAC addresses for non-IP traffic.
Displays access control lists configured on a switch.
Catalyst 3750 Switch Command Reference
permit
global
2-205