Creating Named MAC Extended ACLs
Step 1 configure terminal to enter global configuration mode
Step 2 mac access-list extended name Define an extended MAC access list using a name.
Step 3
(Deny | permit)
(Any | host source MACaddress | source MAC address mask)
(Any | host destination MAC address | destination MAC address mask) [type mask | lsap lsap mask | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp | 0-65535]
[Cos cos]
Step 4 end Return to privileged EXEC mode.
Step 5 show access-lists [number | name] Show the access list configuration.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
This example shows how to create and display an access list named mac1, denying only EtherType
DECnet Phase IV traffic, but permitting all other types of traffic.
Switch (config) # mac access-list extended mac1
Switch (config-ext-macl) # deny any any decnet-iv
Switch (config-ext-macl) # permit any any
Switch (config-ext-macl) # end
Switch # show access-lists
Extended MAC access list mac1
10 deny any any decnet-iv
20 permit any any
Step 1 configure terminal to enter global configuration mode
Step 2 mac access-list extended name Define an extended MAC access list using a name.
Step 3
(Deny | permit)
(Any | host source MACaddress | source MAC address mask)
(Any | host destination MAC address | destination MAC address mask) [type mask | lsap lsap mask | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp | 0-65535]
[Cos cos]
Step 4 end Return to privileged EXEC mode.
Step 5 show access-lists [number | name] Show the access list configuration.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
This example shows how to create and display an access list named mac1, denying only EtherType
DECnet Phase IV traffic, but permitting all other types of traffic.
Switch (config) # mac access-list extended mac1
Switch (config-ext-macl) # deny any any decnet-iv
Switch (config-ext-macl) # permit any any
Switch (config-ext-macl) # end
Switch # show access-lists
Extended MAC access list mac1
10 deny any any decnet-iv
20 permit any any
No comments:
Post a Comment