Permit, deny (mac acl), Permit, deny, Mac acl) – LevelOne GTL-2691 User Manual

C

HAPTER

30

| Access Control Lists

MAC ACLs

– 987 –

C

OMMAND

U

SAGE

◆

When you create a new ACL or enter configuration mode for an existing

ACL, use the permit or deny command to add new rules to the bottom

of the list.

◆

To remove a rule, use the no permit or no deny command followed by

the exact text of a previously configured rule.

◆

An ACL can contain up to 128 rules.

E

XAMPLE

Console(config)#access-list mac jerry

Console(config-mac-acl)#

R

ELATED

C

OMMANDS

permit, deny (987)

mac access-group (989)

show mac access-list (990)

permit, deny

(MAC ACL)

This command adds a rule to a MAC ACL. The rule filters packets matching

a specified MAC source or destination address (i.e., physical layer address),

or Ethernet protocol type. Use the no form to remove a rule.

S

YNTAX

{permit | deny}

{any | host source | source address-bitmask}

{any | host destination | destination address-bitmask}

[vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]]

[time-range time-range-name]

no {permit | deny}

{any | host source | source address-bitmask}

{any | host destination | destination address-bitmask}

[vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]]

N

OTE

:

The default is for Ethernet II packets.

{permit | deny} tagged-eth2

{any | host source | source address-bitmask}

{any | host destination | destination address-bitmask}

[vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]]

[time-range time-range-name]

no {permit | deny} tagged-eth2

{any | host source | source address-bitmask}

{any | host destination | destination address-bitmask}

[vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]]