Access Control List Commands
4-1034
•destination – Destination MAC address range with bitmask.
•address-
bitmask*
– Bitmask for MAC address (in hexidecimal format).
• vid – VLAN ID. (Range: 1-4095)
•
vid-bitmask* –
VLAN bitmask. (Range: 1-4095)
•protocol – A specific Ethernet protocol number. (Range: 600-fff hex.)
•protocol-bitmask* – Protocol bitmask. (
Range: 600-fff hex.
)
* For all bitmasks, “1” means care and “0” means ignore.
Default Setting
None
Command Mode
MAC ACL
Command Usage
• New rules are added to the end of the list.
• The ethertype option can only be used to filter Ethernet II formatted packets.
• A detailed listing of Ethernet protocol types can be found in RFC 1060. A few
of the more common types include the following:
- 0800 - IP
- 0806 - ARP
- 8137 - IPX
Example
This rule permits packets from any source MAC address to the destination address
00-e0-29-94-34-de where the Ethernet type is 0800.
Related Commands
access-list mac (4-101)
show mac access-list This command displays the rules for configured MAC ACLs.
Syntax
show mac access-list [acl_name]
acl_name – Name of the ACL. (Maximum length:16 characters)
Command Mode
Privileged Exec
Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800
Console(config-mac-acl)#