Permit, deny (mac acl) – Asante Technologies 40240/40480-10G User Manual

[no] {permit | deny} untagged-802.3

{any | host source | source address-bitmask}
{any | host destination | destination address-bitmask}

tagged-eth2 – Tagged Ethernet II packets.

untagged-eth2 – Untagged Ethernet II packets.

tagged-802.3 – Tagged Ethernet 802.3 packets.

untagged-802.3 – Untagged Ethernet 802.3 packets.

any – Any MAC source or destination address.

host – A specific MAC address.

source – Source MAC address.

destination – Destination MAC address range with bitmask.

address-bitmask (see note 27) – Bitmask for MAC address (in hexadecimal format).

vid – VLAN ID. (Range: 1-4093)

vid-bitmask (see note 27) – VLAN bitmask. (Range: 1-4093)

protocol – A specific Ethernet protocol number. (Range: 600-fff hex.)

protocol-bitmask (see note 27) – Protocol bitmask. (Range: 600-fff hex.)

Default Setting

None

Command Mode

MAC ACL

Command Usage

• New rules are added to the end of the list.

• The ethertype option can only be used to filter Ethernet II formatted packets. A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following:

- 0800 - IP

- 0806 - ARP

- 8137 - IPX

Example

This rule permits packets from any source MAC address to the destination address
00-e0-29-94-34-de where the Ethernet type is 0800.

Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800

Console(config-mac-acl)#
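
The following Python sketch is an added example, not taken from the manual or from the switch firmware. It models the bitmask semantics of note 27 ("1" means care, "0" means ignore), rules being appended to the end of the list, and the Ethernet II restriction on the ethertype option. First-match evaluation, the all-zero mask for "any", the all-one mask for "host", the second rule and the sample frames are assumptions made for illustration.

```python
# Added illustration. Assumed, not from the manual: first match wins; no match returns None.
def mac_to_int(mac):
    """Parse 'xx-xx-xx-xx-xx-xx' (the manual's notation) into a 48-bit integer."""
    parts = mac.split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int("".join(parts), 16)

# Modelled here as an all-zero bitmask: every bit is "ignore".
ANY = ("00-00-00-00-00-00", "00-00-00-00-00-00")

def host(mac):
    """Model 'host <mac>' as an all-one bitmask: every bit is 'care'."""
    return (mac, "ff-ff-ff-ff-ff-ff")

def addr_matches(addr, spec):
    """Compare only the bit positions where the bitmask is 1; 0 bits are ignored."""
    value, mask = mac_to_int(spec[0]), mac_to_int(spec[1])
    return (mac_to_int(addr) & mask) == (value & mask)

def evaluate(rules, frame):
    """Return the action of the first rule matching the frame, or None."""
    for action, src, dst, ethertype in rules:
        if not (addr_matches(frame["src"], src) and addr_matches(frame["dst"], dst)):
            continue
        if ethertype is not None:
            # The ethertype option only filters Ethernet II formatted packets.
            if frame["format"] != "eth2" or frame["ethertype"] != ethertype:
                continue
        return action
    return None

# Rules are kept in the order entered (new rules go to the end of the list).
RULES = [
    # permit any host 00-e0-29-94-34-de ethertype 0800  (the manual's example)
    ("permit", ANY, host("00-e0-29-94-34-de"), 0x0800),
    # Constructed rule: deny any source whose first three octets are 00-e0-29.
    ("deny", ("00-e0-29-00-00-00", "ff-ff-ff-00-00-00"), ANY, None),
]

# Constructed sample frames.
FRAMES = [
    {"src": "00-11-22-33-44-55", "dst": "00-e0-29-94-34-de", "format": "eth2", "ethertype": 0x0800},
    {"src": "00-e0-29-aa-bb-cc", "dst": "00-e0-29-94-34-de", "format": "eth2", "ethertype": 0x0806},
    {"src": "00-11-22-33-44-55", "dst": "00-e0-29-94-34-de", "format": "802.3", "ethertype": None},
]

if __name__ == "__main__":
    for f in FRAMES:
        print(f["src"], "->", f["dst"], f["format"], evaluate(RULES, f))
```

The third frame matches the first rule's addresses but is not Ethernet II, so the ethertype rule does not apply to it and it falls through both rules.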

Related Commands

access-list mac (26-12)

27. For all bitmasks, “1” means care and “0” means ignore.

Access Control List Commands
