Filter
Top Products
Command Line Interface
4-100
4
Related Commands
permit, deny (4-100)
mac access-group (4-105)
show mac access-list (4-101)
permit, deny (MAC ACL)
This command adds a rule to a MAC ACL. The rule filters packets matching a
specified MAC source or destination address (i.e., physical layer address), or
Ethernet protocol type. Use the no form to remove a rule.
Syntax
[no]
{
permit
|
deny
}
{
any
|
host
source | source address-bitmask}
{
any
|
host
destination | destination address-bitmask}
[
vid
vid vid-bitmask] [
ethertype
protocol [protocol-bitmask]]
Note:- The default is for Ethernet II packets.
[no]
{
permit
|
deny
}
tagged-eth2
{
any
|
host
source | source address-bitmask}
{
any
|
host
destination | destination address-bitmask}
[
vid
vid vid-bitmask] [
ethertype
protocol [protocol-bitmask]]
[no]
{
permit
|
deny
}
untagged-eth2
{
any
|
host
source | source address-bitmask}
{
any
|
host
destination | destination address-bitmask}
[
ethertype
protocol [protocol-bitmask]]
[no]
{
permit
|
deny
}
tagged-802.3
{
any
|
host
source | source address-bitmask}
{
any
|
host
destination | destination address-bitmask}
[
vid
vid vid-bitmask]
[no]
{
permit
|
deny
}
untagged-802.3
{
any
|
host
source | source address-bitmask}
{
any
|
host
destination | destination address-bitmask}
• tagged-eth2 – Tagged Ethernet II packets.
• untagged-eth2 – Untagged Ethernet II packets.
• tagged-802.3 – Tagged Ethernet 802.3 packets.
• untagged-802.3 – Untagged Ethernet 802.3 packets.
• any – Any MAC source or destination address.
• host – A specific MAC address.
• source – Source MAC address.
• destination – Destination MAC address range with bitmask.
• address-
bitmask
29
– Bitmask for MAC address (in hexidecimal format).
• vid – VLAN ID. (Range: 1-4093)
29. For all bitmasks, “1” means care and “0” means ignore.