Guidelines and limitations, Default settings, Configuring ethertype access lists – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 16 Adding an EtherType Access List

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Available in single and multiple context modes.

Firewall Mode Guidelines

Supported in transparent firewall mode only.

IPv6 Guidelines

Supports IPv6.

Additional Guidelines and Limitations

The following guidelines and limitations apply to EtherType access lists:

For EtherType access lists, the implicit deny at the end of the access list does not affect IP traffic or
ARPs. For example, if you allow EtherType 8037, the implicit deny at the end of the access list does
not block any IP traffic that you previously allowed with an extended access list (or implicitly
allowed from a high security interface to a low security interface). However, if you explicitly deny
all traffic with an EtherType ACE, then IP and ARP traffic is denied.

802.3-formatted frames are not handled by the access list because they use a length field as opposed
to a type field.

See the “Supported EtherTypes and Other Traffic” section on page 34-6 for more information about supported traffic.
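
The following Python model is an added example, not taken from the Cisco guide. It applies the two rules above to raw frame headers: the implicit deny skips IP and ARP, and 802.3 frames carry a length instead of a type, so no ACE can match them. The function names, result strings, sample frames, and the treatment of "IP" as IPv4 plus IPv6 are assumptions; what the ASA does with 802.3 frames beyond not matching them is not modelled.

```python
import struct

# Assumption: "IP traffic or ARPs" is modelled as the IPv4, IPv6 and ARP EtherTypes.
IP_OR_ARP = {0x0800, 0x86DD, 0x0806}

def classify(frame: bytes):
    """Return ('802.3', length) or ('ethernet2', ethertype) from header bytes 12-13."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    if field <= 1500:            # IEEE 802.3: the field is a payload length
        return "802.3", field
    if field >= 0x0600:          # Ethernet II: the field is an EtherType
        return "ethernet2", field
    raise ValueError("values 1501-1535 are undefined")

def evaluate(acl, frame: bytes) -> str:
    """acl is an ordered list of (action, match); match is an EtherType or 'any'."""
    kind, value = classify(frame)
    if kind == "802.3":
        return "not-evaluated"   # no type field for an EtherType ACE to match
    for action, match in acl:
        if match == "any" or match == value:
            return action        # first matching ACE decides
    if value in IP_OR_ARP:
        return "not-affected"    # implicit deny leaves IP and ARP to other rules
    return "deny"                # implicit deny for every other EtherType

def frame(type_or_len: int, payload: bytes = b"\x00" * 46) -> bytes:
    # Constructed sample frame: broadcast destination, locally administered source.
    header = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    return header + struct.pack("!H", type_or_len) + payload

PERMIT_8037 = [("permit", 0x8037)]                   # the page's example
DENY_ANY = [("permit", 0x8037), ("deny", "any")]     # explicit deny-all ACE

if __name__ == "__main__":
    for name, acl in (("permit 8037", PERMIT_8037), ("plus deny any", DENY_ANY)):
        for value in (0x8037, 0x0800, 0x0806, 0x8847, 46):
            print(f"{name:14} field=0x{value:04x} -> {evaluate(acl, frame(value))}")
```
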

Default Settings

Access list logging generates system log message 106023 for denied packets. Deny packets must be
present to log denied packets.

When you configure logging for the access list, the default severity level for system log message 106100
is 6 (informational).

Configuring EtherType Access Lists

This section includes the following topics:

Task Flow for Configuring EtherType Access Lists, page 16-2

Adding EtherType Access Lists, page 16-3

Adding Remarks to Access Lists, page 16-4

Task Flow for Configuring EtherType Access Lists

Use the following guidelines to create and implement an access list:
