6 access-list(mac-ip extended), Access, List – PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+

<num> is the access-list No. which is a decimal’s No. from 1100-1199;

deny if rules are matching, deny access;

permit if rules are matching, permit access;

<any-source-mac> any source address;

<any-destination-mac> any destination address;

<host_smac>, <smac> source MAC address;

<num> is the access-list No. which is a decimal’s No. from 1100-1199;

deny if rules are matching, deny access;

permit if rules are matching, permit access;

<any-source-mac> any source address;

<any-destination-mac> any destination address;

<host_smac>, <smac> source MAC address;

<smac-mask> mask (reverse mask) of source MAC address;

<host_dmac> , <dmac> destination MAC address;

<dmac-mask> mask (reverse mask) of destination MAC address;

untagged-eth2 format of untagged ethernet II packet;

tagged-eth2 format of tagged ethernet II packet;

untagged-802-3 format of untagged ethernet 802.3 packet;

tagged-802-3 format of tagged ethernet 802.3 packet.

Command Mode:

Global mode

Default Configuration:

No access-list configured

Usage Guide:

When the user assign specific <num> for the first time, ACL of the serial number is created, then the

lists are added into this ACL.

Examples: P

Permit tagged-eth2 with any source MAC addresses and any destination MAC addresses and the

packets pass.

Switch(config)#access-list 1100 permit any-source-mac any-destination-mac

tagged-eth2

21.6 access-list(mac-ip extended)

Command:

access-list<num>{deny|permit}{any-source-mac|