ACCESS CONTROL LISTS

3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”

Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any

Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any dport 80

Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any tcp control-code 2 2

Console(config-std-acl)#

Configuring a MAC ACL

Command Usage

Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets.

Command Attributes

Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules)

Source/Destination MAC – Source or destination MAC address.

Source/Destination Mask – Binary mask for source or destination MAC address.

Ethernet Type – This option can only be used to filter Ethernet II formatted packets. (Range: 600-fff hex.)

A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).

Packet Format – This attribute includes the following packet types:

- Any – Any Ethernet packet type.

- Untagged-eth2 – Untagged Ethernet II packets.

- Untagged-802.3 – Untagged Ethernet 802.3 packets.

- Tagged-eth2 – Tagged Ethernet II packets.

- Tagged-802.3 – Tagged Ethernet 802.3 packets.
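The attributes above can be checked offline against captured frames. The following Python sketch is an added example, not code from the manual or the switch firmware: it classifies a raw frame into one of the four packet formats and evaluates a single rule. The rule layout, the function names and the mask convention (1 bits compared, 0 bits ignored) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

def mac(s: str) -> int:
    """'00-e0-29-94-34-de' -> 48-bit integer."""
    return int(s.replace("-", "").replace(":", ""), 16)

def packet_format(frame: bytes):
    """Return (packet format name, EtherType or None) for a raw frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    field = int.from_bytes(frame[12:14], "big")
    tagged = field == 0x8100                 # 802.1Q TPID: VLAN-tagged frame
    if tagged:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        field = int.from_bytes(frame[16:18], "big")   # type/length after the tag
    eth2 = field >= 0x600    # 0x600 and up is an EtherType; lower is an 802.3 length
    name = ("tagged-" if tagged else "untagged-") + ("eth2" if eth2 else "802.3")
    return name, (field if eth2 else None)

@dataclass
class MacRule:                # hypothetical rule layout, not the switch's own
    src: int = 0
    src_mask: int = 0         # assumption: 1 bits are compared, 0 bits ignored
    dst: int = 0
    dst_mask: int = 0
    fmt: str = "any"
    ethertype: Optional[int] = None

    def matches(self, frame: bytes) -> bool:
        name, etype = packet_format(frame)
        dst = int.from_bytes(frame[0:6], "big")
        src = int.from_bytes(frame[6:12], "big")
        if (src ^ self.src) & self.src_mask or (dst ^ self.dst) & self.dst_mask:
            return False
        if self.fmt not in ("any", name):
            return False
        # An Ethernet Type condition can only ever match Ethernet II frames.
        return self.ethertype is None or self.ethertype == etype

def sample(dst: str, src: str, type_len: int, vlan: Optional[int] = None) -> bytes:
    """Constructed sample header (no payload) for exercising rules."""
    tag = b"" if vlan is None else b"\x81\x00" + vlan.to_bytes(2, "big")
    return (mac(dst).to_bytes(6, "big") + mac(src).to_bytes(6, "big")
            + tag + type_len.to_bytes(2, "big"))
```

A rule with an Ethernet Type set never matches an 802.3 frame, because the field it would compare holds a length rather than a type. This is why the Ethernet Type option is limited to Ethernet II packets.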

SMC Networks SMC6724L3 manual Configuring a MAC ACL, Command Usage