30-29
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-10
Chapter 30 Configuring QoS
Configuring Standard QoS
For more information about creating IP extended ACLs, see the “Guidelines for Applying ACLs to
Physical Interfaces” section on page 29-5.
To delete an ACL, use the no access-list access-list-number global configuration command.
This example shows how to create an ACL that permits only TCP traffic from the destination IP address
128.88.1.2 with TCP port number 25:
Switch(config)# access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq
25
Beginning in privileged EXEC mode, follow these steps to create a Layer 2 MAC ACL for Layer 2
traffic:
For more information about creating MAC extended ACLs, see the “Creating Named MAC Extended
ACLs” section on page 29-18.
To delete an ACL, use the no mac access-list extended name global configuration command.
Step 4
show access-lists Verify your entries.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
mac access-list extended name Create a Layer 2 MAC ACL by specifying the name of the list.
After entering this command, the mode changes to extended MAC
ACL configuration.
Step 3
permit {any | host source MAC address}
{any | host destination MAC address} [aarp
| amber | appletalk | dec-spanning |
decnet-iv | diagnostic | dsm | etype-6000 |
etype-8042 | lat | lavc-sca | mop-console |
mop-dump | msdos | mumps | netbios |
vines-echo |vines-ip | xns-idp]
Enter permit to permit access if conditions are matched.
Note Deny statements are not supported for QoS ACLs. See the
“Classification Based on QoS ACLs” section on page 30-5
for more details.
For source MAC address, enter the MAC address of the host from
which the packet is being sent. You specify this by using the any
keyword to deny any source MAC address or by using the host
keyword and the source in the hexadecimal format (H.H.H).
For destination MAC address, enter the MAC address of the host to
which the packet is being sent. You specify this by using the any
keyword to deny any destination MAC address or by using the host
keyword and the destination in the hexadecimal format (H.H.H).
(Optional) You can also enter these options:
aarp | amber | appletalk | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca |
mop-console | mop-dump | msdos | mumps | netbios |
vines-echo |vines-ip | xns-idp (a non-IP protocol).
Step 4
end Return to privileged EXEC mode.
Step 5
show access-lists [number | name] Verify your entries.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.