Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 16 Adding an EtherType Access List
Configuration Examples for EtherType Access Lists
The following example shows how to configure EtherType access lists:
The following access list allows some EtherTypes through the ASA, but it denies IPX:
hostname(config)# access-list ETHER ethertype deny ipx
hostname(config)# access-list ETHER ethertype permit 0x1234
hostname(config)# access-list ETHER ethertype permit mpls-unicast
hostname(config)# access-group ETHER in interface inside
hostname(config)# access-group ETHER in interface outside
The following access list denies traffic with EtherType 0x1256, but it allows all others on both interfaces:
hostname(config)# access-list nonIP ethertype deny 0x1256
hostname(config)# access-list nonIP ethertype permit any
hostname(config)# access-group nonIP in interface inside
hostname(config)# access-group nonIP in interface outside
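The following added example is not part of the Cisco guide. It is an offline review script that parses access-list ethertype and access-group lines, reports an access-group that names an access list with no entries (and an access list that is never applied), and evaluates an EtherType against a list. The function names, the keyword-to-EtherType values, and the first-match and implicit-deny evaluation model are assumptions of this example; the sample configuration is constructed.

```python
import re

ACE = re.compile(r"access-list\s+(\S+)\s+ethertype\s+(permit|deny)\s+(\S+)")
GRP = re.compile(r"access-group\s+(\S+)\s+(?:in|out)\s+interface\s+(\S+)")

# Assumed keyword values (IEEE-registered EtherTypes); the page does not say
# which values the ASA matches for each keyword.
KEYWORDS = {"ipx": {0x8137, 0x8138}, "mpls-unicast": {0x8847},
            "mpls-multicast": {0x8848}}

def lint(config):
    """Parse config lines; return (findings, acls keyed by name)."""
    acls, groups, findings = {}, [], []
    for n, line in enumerate(config.splitlines(), 1):
        if m := ACE.search(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif m := GRP.search(line):
            groups.append((n, m.group(1), m.group(2)))
    for n, name, iface in groups:
        if name not in acls:
            findings.append(f"line {n}: interface {iface} applies undefined ACL {name}")
    for name in acls:
        if all(name != g[1] for g in groups):
            findings.append(f"ACL {name} is defined but never applied")
    return findings, acls

def decide(aces, ethertype):
    """First matching entry wins; no match means deny (assumed implicit deny)."""
    for action, value in aces:
        if value == "any" or ethertype in KEYWORDS.get(value, ()):
            return action
        if value.lower().startswith("0x") and int(value, 16) == ethertype:
            return action
    return "deny"

# Constructed sample: the ACL is defined as nonIP but applied as ETHER.
SAMPLE = """\
hostname(config)# access-list nonIP ethertype deny 0x1256
hostname(config)# access-list nonIP ethertype permit any
hostname(config)# access-group ETHER in interface inside
hostname(config)# access-group ETHER in interface outside
"""

if __name__ == "__main__":
    findings, acls = lint(SAMPLE)
    print("\n".join(findings))
    for et in (0x1256, 0x1234, 0x8847):
        print(hex(et), decide(acls["nonIP"], et))
```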
Feature History for EtherType Access Lists
Table 16-1 lists each feature change and the platform release in which it was implemented.

Table 16-1 Feature History for EtherType Access Lists

| Feature Name | Releases | Feature Information |
|---|---|---|
| EtherType access lists | 7.0(1) | EtherType access lists control traffic based upon its EtherType. We introduced the feature and the following command: access-list ethertype. |