Access Control List Commands
destination – Destination MAC address range with bitmask.
address-bitmask* – Bitmask for MAC address (in hexadecimal format).
vid – VLAN ID. (Range: 1-4095)
vid-bitmask* – VLAN bitmask. (Range: 1-4095)
protocol – A specific Ethernet protocol number. (Range: 600-fff hex.)
protocol-bitmask* – Protocol bitmask. (Range: 600-fff hex.)
* For all bitmasks, “1” means care and “0” means ignore.
Default Setting
None
Command Mode
MAC ACL
Command Usage
New rules are added to the end of the list.
The ethertype option can only be used to filter Ethernet II formatted packets.
A detailed listing of Ethernet protocol types can be found in RFC 1060. A few
of the more common types include the following:
- 0800 - IP
- 0806 - ARP
- 8137 - IPX
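The bitmask and ethertype matching described above, as an added Python example that is not taken from this manual or from the switch firmware. First-match rule ordering, the deny rule and the sample frames are assumptions constructed for illustration.

```python
# Added illustration of the "1 = care, 0 = ignore" bitmask rule; names and
# sample frames are constructed, and this is not the switch's own code.
FULL_MAC = 0xFFFFFFFFFFFF

def mac(text):
    """Parse 'xx-xx-xx-xx-xx-xx' into a 48-bit integer."""
    octets = text.split("-")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError("bad MAC address: %r" % text)
    return int("".join(octets), 16)

def masked_eq(value, pattern, bitmask):
    """Compare only the bit positions where the bitmask holds a 1."""
    return (value & bitmask) == (pattern & bitmask)

def rule_matches(rule, frame):
    """Rule fields are (pattern, bitmask) pairs; a 0 bitmask means 'any'."""
    if not masked_eq(mac(frame["src"]), *rule["src"]):
        return False
    if not masked_eq(mac(frame["dst"]), *rule["dst"]):
        return False
    if "ethertype" in rule:
        # Type/length values below 0x600 are 802.3 lengths, not Ethernet II
        # types, so an ethertype rule cannot match such a frame.
        if frame["type_len"] < 0x600:
            return False
        return masked_eq(frame["type_len"], *rule["ethertype"])
    return True

def first_match(acl, frame):
    """Assumption: rules are tested in list order and the first match wins."""
    for rule in acl:
        if rule_matches(rule, frame):
            return rule["action"]
    return None  # outcome when no rule matches is not described on this page

ANY = (0, 0)
ACL = [
    # The manual's example: permit any host 00-e0-29-94-34-de ethertype 0800
    {"action": "permit", "src": ANY,
     "dst": (mac("00-e0-29-94-34-de"), FULL_MAC), "ethertype": (0x0800, 0xFFFF)},
    # Constructed rule: deny any source whose first three octets are 00-e0-29
    {"action": "deny", "src": (mac("00-e0-29-00-00-00"), mac("ff-ff-ff-00-00-00")),
     "dst": ANY},
]

def sample(src, dst, type_len):
    return first_match(ACL, {"src": src, "dst": dst, "type_len": type_len})
```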
Example
This rule permits packets from any source MAC address to the destination address
00-e0-29-94-34-de where the Ethernet type is 0800.
Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800
Console(config-mac-acl)#
Related Commands
access-list mac (4-101)
show mac access-list
This command displays the rules for configured MAC ACLs.
Syntax
show mac access-list [acl_name]
acl_name – Name of the ACL. (Maximum length: 16 characters)
Command Mode
Privileged Exec