Deny (Mac) - Cisco 300 Series Cli Manual

48
784
48.9

deny (MAC)

Use the deny command in MAC Access List Configuration mode to set deny
conditions (ACEs) for a MAC ACL.
Syntax
{any | source source-wildcard} {any | destination destination-wildcard}
deny
[{eth-type 0}| aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm |
etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [time-range time-range-name]
[disable-port | log-input]
Parameters
•
source—Source MAC address of the packet.
•
source-wildcard—Wildcard bits to be applied to the source MAC address.
Use ones in the bit position that you want to be ignored.
•
destination—Destination MAC address of the packet.
•
destination-wildcard—Wildcard bits to be applied to the destination MAC
address. Use 1s in the bit position that you want to be ignored.
•
eth-type—The Ethernet type in hexadecimal format of the packet.
•
vlan-id—The VLAN ID of the packet. (Range: 1–4094)
•
cos—The Class of Service of the packet.(Range: 0–7)
•
cos-wildcard—Wildcard bits to be applied to the CoS.
•
time-range-name—Name of the time range that applies to this permit
statement.(Range: 1–32)
•
disable-port—The Ethernet interface is disabled if the condition is matched.
•
log-input—Sends an informational syslog message about the packet that
matches the entry. Because forwarding is done in hardware and logging is
done in software, if a large number of packets match a deny ACE containing
a log-input keyword, the software might not be able to match the hardware
processing rate, and not all packets will be logged.
Default Configuration
No MAC access list is defined.
78-21075-01 Command Line Interface Reference Guide
ACL Commands