30-29
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter30 Configuring QoS Configuring Standard QoS
For more information about creating IP extended ACLs, see the Guidelines for Applying ACLs to
Physical Interfaces section on page29-5 .
To delete an ACL, use the no access-list access-list-number global configuration command.
This example shows how to create an ACL that permits only TCP traffic from the destination IP address
128.88.1.2 with TCP port number 25:
Switch(config)# access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq
25
Beginning in privileged EXEC mode, follow these steps to create a Layer 2 MAC ACL for Layer 2
traffic:
For more information about creating MAC extended ACLs, see the Creating Named MAC Extended
ACLs section on page 29-18.
To delete an ACL, use the no mac access-list extended name global configuration command.
Step4 show access-lists Verify your entries.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 mac access-list extended name Create a Layer 2 MAC ACL by specifying the name of the list.
After entering this command, the mode changes to extended MAC
ACL configuration.
Step3 permit {any | host source MAC address}
{any | host destination MAC address} [aarp
| amber | appletalk | dec-spanning |
decnet-iv | diagnostic | dsm | etype-6000 |
etype-8042 | lat | lavc-sca | mop-console |
mop-dump | msdos | mumps | netbios |
vines-echo |vines-ip | xns-idp]
Enter permit to permit access if conditions are matched.
Note Deny statements are not supported for QoS ACLs. See the
Classification Based on QoS ACLs section on page 30-5
for more details.
For source MAC address, enter the MAC address of the host from
which the packet is being sent. You specify this by using the any
keyword to deny any source MAC address or by using the host
keyword and the source in the hexadecimal format (H.H.H).
For destination MAC address, enter the MAC address of the host to
which the packet is being sent. You specify this by using the any
keyword to deny any destination MAC address or by using the host
keyword and the destination in the hexadecimal format (H.H.H).
(Optional) You can also enter these options:
aarp | amber | appletalk | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca |
mop-console | mop-dump | msdos | mumps | netbios |
vines-echo |vines-ip | xns-idp (a non-IP protocol).
Step4 end Return to privileged EXEC mode.
Step5 show access-lists [number | name] Verify your entries.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.