User Guidelines
Before an Access Control Element (ACE) is added to an ACL, all packets
are permitted. After an ACE is added, an implied deny-any-any
condition exists at the end of the list and those packets that do not match
the conditions defined in the permit statement are denied.
If the VLAN ID is specified, the policy map cannot be connected to the
VLAN interface.
The following example shows how to create a MAC ACL with permit
deny (MAC)
The deny MAC-Access List Configuration mode command denies traffic
if the conditions defined in the deny statement match.
deny [disable-port] {any | {source source-wildcard}} {any | {destination
destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype
■ disable-port — Indicates that the port is disabled if the statement is
■ source — Specifies the MAC address of the host from which the
packet was sent.
■ source-wildcard — (Optional for the first type) Specifies wildcard bits
by placing 1s in bit positions to be ignored.
■ destination — Specifies the MAC address of the host to which the
packet is being sent.
■ destination-wildcard — (Optional for the first type) Specifies wildcard
bits by placing 1s in bit positions to be ignored.
■ vlan-id — Specifies the VLAN ID of the packet.
■ cos — Specifies the packet's Class of Service (CoS).
mac access-list
permit 6:6:6:6:6:6 0:0:0:0:0:0 any
vlan 6
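
The wildcard-bit matching and the implied deny-any-any described above, modelled in Python as an added example (not code from this guide or from the switch). The function names, dictionary fields, first-match evaluation order and the constructed deny ACE are assumptions for illustration.

```python
# Added illustration: models MAC ACE matching as described in this section.
# Function and field names are assumptions, not switch or vendor code.

def mac_to_int(mac):
    """Parse a colon-separated MAC such as 6:6:6:6:6:6 into a 48-bit integer."""
    octets = [int(part, 16) for part in mac.split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return int.from_bytes(bytes(octets), "big")

def field_matches(rule_addr, rule_wildcard, packet_addr):
    """True if packet_addr equals rule_addr in every bit the wildcard does not ignore."""
    if rule_addr == "any":
        return True
    care = ~mac_to_int(rule_wildcard) & 0xFFFFFFFFFFFF  # 1 bits in the wildcard are ignored
    return (mac_to_int(rule_addr) & care) == (mac_to_int(packet_addr) & care)

def evaluate(acl, packet):
    """Return the action of the first matching ACE, else the implied deny."""
    if not acl:
        return "permit"  # no ACE added yet: all packets are permitted
    for ace in acl:
        if (field_matches(ace["src"], ace.get("src_wc", "0:0:0:0:0:0"), packet["src"])
                and field_matches(ace["dst"], ace.get("dst_wc", "0:0:0:0:0:0"), packet["dst"])
                and ace.get("vlan") in (None, packet["vlan"])):
            return ace["action"]
    return "deny"  # implied deny-any-any at the end of the list

# Constructed sample ACL: a deny ACE whose wildcard ignores the last three
# octets of the source address, followed by the permit ACE shown on this page.
ACL = [
    {"action": "deny", "src": "0:1:2:0:0:0", "src_wc": "0:0:0:ff:ff:ff",
     "dst": "any", "vlan": 6},
    {"action": "permit", "src": "6:6:6:6:6:6", "src_wc": "0:0:0:0:0:0",
     "dst": "any", "vlan": 6},
]
```

A packet from 6:6:6:6:6:6 on VLAN 6 is permitted, while the same source on any other VLAN falls through to the implied deny, which is why a list containing only permit ACEs still blocks everything it does not name.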