ACL Commands
SPS208G/SPS224G4/SPS2024 Command Line Interface Reference Guide
User Guidelines
Before an Access Control Element (ACE) is added to an ACL, all packets are
permitted. After an ACE is added, an implied deny-any-any condition exists at the
end of the list and those packets that do not match the conditions defined in the
permit statement are denied.
If the VLAN ID is specified, the policy map cannot be connected to the VLAN
interface.
Example
The following example shows how to create a MAC ACL with permit rules.
Console(config)# mac access-list macl-acl1
Console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6
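The following added example (not part of the guide and not switch firmware code) models how the rule above is evaluated: an empty ACL permits everything, a non-empty ACL ends in the implied deny-any-any, and wildcard bits set to 1 are ignored. It assumes ACEs are checked in order with the first match deciding; the function names and OUI_ACL are constructed for illustration.

```python
# Added illustration: a model of MAC ACL matching, not the switch's own code.
MASK48 = 0xFFFFFFFFFFFF

def mac_to_int(mac):
    """Parse colon-separated MAC text such as '6:6:6:6:6:6' into a 48-bit int."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError("expected 6 octets: %r" % mac)
    value = 0
    for octet in octets:
        byte = int(octet, 16)
        if not 0 <= byte <= 0xFF:
            raise ValueError("octet out of range: %r" % mac)
        value = (value << 8) | byte
    return value

def field_matches(spec, mac):
    """spec is 'any' or an (address, wildcard) pair; wildcard 1-bits are ignored."""
    if spec == "any":
        return True
    addr, wildcard = (mac_to_int(part) for part in spec)
    care = ~wildcard & MASK48          # bits that must be equal
    return (mac_to_int(mac) & care) == (addr & care)

def evaluate(acl, src, dst, vlan=None):
    """Return 'permit' or 'deny' for one frame.

    Assumption: ACEs are checked in order and the first match decides.
    """
    if not acl:
        return "permit"                # no ACE yet: all packets are permitted
    for action, src_spec, dst_spec, ace_vlan in acl:
        if ace_vlan is not None and ace_vlan != vlan:
            continue                   # ACE is limited to another VLAN
        if field_matches(src_spec, src) and field_matches(dst_spec, dst):
            return action
    return "deny"                      # implied deny-any-any at the end

# The guide's rule: permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6
MACL_ACL1 = [("permit", ("6:6:6:6:6:6", "0:0:0:0:0:0"), "any", 6)]

# Constructed rules: deny one vendor prefix (lower 24 bits ignored), permit the rest.
OUI_ACL = [
    ("deny", ("00:11:22:00:00:00", "00:00:00:ff:ff:ff"), "any", None),
    ("permit", "any", "any", None),
]
```

The explicit trailing permit in OUI_ACL is what keeps a deny-only list from blocking all other traffic through the implied deny.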
deny (MAC)
The deny MAC-Access List Configuration mode command denies traffic if the
conditions defined in the deny statement match.
Syntax
deny [disable-port] {any | {source source-wildcard}} {any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type]
Parameters
• disable-port — Indicates that the port is disabled if the statement is deny.
• source — Specifies the MAC address of the host from which the packet was sent.
• source-wildcard — (Optional for the first type) Specifies wildcard bits by placing 1’s in bit positions to be ignored.
• destination — Specifies the MAC address of the host to which the packet is being sent.