Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 16 Adding an EtherType Access List
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Available in single and multiple context modes.
Firewall Mode Guidelines
Supported in transparent firewall mode only.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
The following guidelines and limitations apply to EtherType access lists:
For EtherType access lists, the implicit deny at the end of the access list does not affect IP traffic or ARPs; for example, if you allow EtherType 8037, the implicit deny at the end of the access list does not block any IP traffic that you previously allowed with an extended access list (or implicitly allowed from a high security interface to a low security interface). However, if you explicitly deny all traffic with an EtherType ACE, then IP and ARP traffic is denied.

802.3-formatted frames are not handled by the access list because they use a length field as opposed to a type field.

See the “Supported EtherTypes and Other Traffic” section on page 34-6 for more information about supported traffic.
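The three rules above, modelled as an added example (not code from the Cisco guide or from the ASA itself): it shows which frames the implicit deny touches, what an explicit deny of all traffic changes, and why an 802.3 frame never reaches the list. Assumptions: 8037 is read as hexadecimal 0x8037, frames are untagged, "IP traffic" includes IPv6, and the function names and result labels are hypothetical.

```python
import struct

IPV4, ARP, IPV6 = 0x0800, 0x0806, 0x86DD
# Assumption: "IP traffic" in the guideline covers both IPv4 and IPv6.
IP_AND_ARP = {IPV4, ARP, IPV6}

def make_frame(type_or_length: int) -> bytes:
    """Constructed sample: untagged header (dst, src, type/length) plus padding."""
    return (bytes(6) + bytes.fromhex("020000000001")
            + struct.pack("!H", type_or_length) + bytes(46))

def evaluate(acl, frame: bytes) -> str:
    """Model an EtherType access list; acl is a list of (action, match) ACEs,
    where match is an EtherType number or the string "any"."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (value,) = struct.unpack("!H", frame[12:14])
    if value < 0x0600:
        # 802.3 framing: bytes 12-13 hold a length, so there is no type to match.
        # (Values 0x05DD-0x05FF are undefined; grouped here as an assumption.)
        return "not-handled"
    for action, match in acl:
        if match == "any" or match == value:
            return action      # explicit ACE, including an explicit deny of all traffic
    if value in IP_AND_ARP:
        return "unaffected"    # implicit deny does not apply; other rules decide
    return "deny"              # implicit deny for every other EtherType

# Constructed access lists: the page's "allow EtherType 8037" case, alone and
# followed by an explicit deny of all traffic.
PERMIT_8037 = [("permit", 0x8037)]
PERMIT_THEN_DENY_ALL = [("permit", 0x8037), ("deny", "any")]

if __name__ == "__main__":
    samples = (("0x8037", 0x8037), ("IPv4", IPV4), ("ARP", ARP),
               ("0x8847", 0x8847), ("802.3 len 64", 64))
    for name, acl in (("permit 8037", PERMIT_8037),
                      ("permit 8037 + deny any", PERMIT_THEN_DENY_ALL)):
        for label, value in samples:
            print(f"{name:24} {label:13} -> {evaluate(acl, make_frame(value))}")
```

A result of "unaffected" means the EtherType list made no decision, so the frame is still subject to the extended access list or the security-level default.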
Default Settings
Access list logging generates system log message 106023 for denied packets. Deny packets must be present to log denied packets.

When you configure logging for the access list, the default severity level for system log message 106100 is 6 (informational).
Configuring EtherType Access Lists
This section includes the following topics:
Task Flow for Configuring EtherType Access Lists
Adding EtherType Access Lists
Adding Remarks to Access Lists

Task Flow for Configuring EtherType Access Lists

Use the following guidelines to create and implement an access list: