ACL Command s
deny (MAC)
SPS208G/SPS224G4/SPS2024 Command Line Interface Reference Guide 59
3
destination-wildcard —
(Optional for the first type) Specifies wildcard bits
by placing 1’s in bit positions to be ignored.
vlan-id
— Specifies the ID of the packet vlan.
cos
— Specifies the packet’s Class of Service (CoS).
cos-wildcard —
Specifies wildcard bits to be applied to the CoS.
eth-type
— Specifies the packet’s Ethernet type.
Default Configuration
This command has no default configuration.
Command Mode
MAC-Access List Configuration mode
User Guidelines
MAC BPDU packets cannot be denied.
This command defines an Access Control Element (ACE). An ACE can only be
removed by deleting the ACL, using the no mac access-list Global Configuration
mode command. Alternatively, the Web-based interface canbe used to delete
ACEs from an ACL.
Before an Access Control Element (ACE) is added to an ACL, all packets are
permitted. Af ter an ACE is added , an implied deny-any-any condition exists at the
end of the list and those packets that do not match the conditions defined in the
permit statement are denied.
If the VLAN ID is specified, the policy map cannot be connected to the VLAN
interface.
Example
The following example shows how to create a MAC ACL with deny rules on a
device.
Console(config)# mac access-list macl1
Console (config-mac-acl)# deny 00:00:00:00:10:00 any