Cisco Systems 78-15328-01 Switch User Manual


Catalyst 6500 Series Switch Command Reference—Release 7.6
78-15328-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl mac
Cannot be a number
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
The src_mac_addr_spec is a 48-bit source MAC address and mask, entered in the form
source_mac_address source_mac_address_mask (for example, 08-11-22-33-44-55 ff-ff-ff-ff-ff-ff).
Place ones in the bit positions you want to mask. When you specify the src_mac_addr_spec, follow these
guidelines:
The source_mask is required; 0 indicates a care bit; 1 indicates a don’t-care bit.
Use a 32-bit quantity in four-part dotted-decimal format.
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0
255.255.255.255.
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
The dest_mac_spec is a 48-bit destination MAC address and mask, entered in the form
dest_mac_address dest_mac_address_mask (for example, 08-00-00-00-02-00/ff-ff-ff-00-00-00). Place
ones in the bit positions you want to mask. The destination mask is mandatory. When you specify the
dest_mac_spec, use the following guidelines:
Use a 48-bit quantity in 6-part dotted-hexadecimal format for a source address and mask.
Use the keyword any as an abbreviation for a source and source-wildcard of 0-0-0-0-0-0-0
ff-ff-ff-ff-ff-ff.
Use host source as an abbreviation for a destination and destination-wildcard of destination
0-0-0-0-0-0.
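The mask rules above, as an added Python example (not from the Cisco manual and not switch code): it parses the `any`, `host`, and address/mask forms, tests constructed MAC addresses against them with 1 bits treated as don't-care, and reports how many addresses an entry covers. The function names are hypothetical, and `any` is assumed to mean an all-zero address with an all-ones mask.

```python
import re

ALL_BITS = 0xFFFFFFFFFFFF  # 48 one-bits
MAC_RE = re.compile(r"^[0-9a-fA-F]{1,2}(-[0-9a-fA-F]{1,2}){5}$")

def mac_to_int(text):
    """Parse a dash-separated 48-bit MAC (e.g. 08-11-22-33-44-55) to an int."""
    if not MAC_RE.match(text):
        raise ValueError(f"not a 48-bit dash-separated MAC: {text!r}")
    value = 0
    for octet in text.split("-"):
        value = (value << 8) | int(octet, 16)
    return value

def parse_spec(tokens):
    """Turn ['any'], ['host', mac] or [mac, mask] into (address, wildcard)."""
    if tokens == ["any"]:
        return 0, ALL_BITS                    # every bit is don't-care
    if len(tokens) == 2 and tokens[0] == "host":
        return mac_to_int(tokens[1]), 0       # every bit is compared
    if len(tokens) == 2:
        return mac_to_int(tokens[0]), mac_to_int(tokens[1])
    raise ValueError(f"unrecognised address spec: {tokens!r}")

def spec_matches(spec, mac):
    """True when mac equals the spec address on every care (0) bit."""
    address, wildcard = spec
    care = ~wildcard & ALL_BITS
    return (mac_to_int(mac) & care) == (address & care)

def addresses_covered(spec):
    """Number of distinct MAC addresses the entry matches: 2^(don't-care bits)."""
    return 2 ** bin(spec[1]).count("1")

def check_frames(spec_text, frames):
    """Evaluate a spec (space- or slash-separated) against a list of MACs."""
    spec = parse_spec(spec_text.replace("/", " ").split())
    return {mac: spec_matches(spec, mac) for mac in frames}

if __name__ == "__main__":
    # Constructed sample addresses, checked against the manual's destination example.
    sample = ["aa-bb-cc-00-02-00", "08-00-00-00-02-01"]
    spec_text = "08-00-00-00-02-00/ff-ff-ff-00-00-00"
    for mac, hit in check_frames(spec_text, sample).items():
        print(f"{mac}: {'match' if hit else 'no match'}")
    print("addresses covered:", addresses_covered(parse_spec(spec_text.replace("/", " ").split())))
```

With the mask `ff-ff-ff-00-00-00` the first three octets are ignored and only the last three are compared, which is the opposite of how a subnet-style mask would read.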
Valid names for Ethertypes (and corresponding numbers) are EtherTalk (0x809B), AARP (0x8053),
dec-mop-dump (0x6001), dec-mop-remote-console (0x6002), dec-phase-iv (0x6003), dec-lat (0x6004),
dec-diagnostic-protocol (0x6005), dec-lavc-sca (0x6007), dec-amber (0x6008), dec-mumps (0x6009),
dec-lanbridge (0x8038), dec-dsm (0x8039), dec-netbios (0x8040), dec-msdos (0x8041),
banyan-vines-echo (0x0baf), xerox-ns-idp (0x0600), and xerox-address-translation (0x0601).
Use the show security acl command to display the list.
Examples
This example shows how to block traffic to an IP address:
Console> (enable) set security acl mac MACACL1 deny 01-02-02-03-04-05
MACACL1 editbuffer modified. User ‘commit’ command to apply changes.
Console> (enable)
Related Commands
clear security acl
clear security acl capture-ports
clear security acl map
commit
set security acl map
set security acl capture-ports
show security acl
show security acl capture-ports