PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+
rule.
Parameters:
any-source-mac: any source MAC address;
any-destination-mac: any destination MAC address;
host_smac, smac: source MAC address;
smac-mask: mask (reverse mask) of the source MAC address;
host_dmac, dmac: destination MAC address;
dmac-mask: mask (reverse mask) of the destination MAC address;
untagged-eth2: untagged Ethernet II packet format;
tagged-eth2: tagged Ethernet II packet format;
untagged-802-3: untagged Ethernet 802.3 packet format;
tagged-802-3: tagged Ethernet 802.3 packet format;
cos-val: CoS value, 0-7;
cos-bitmask: CoS mask, 0-7, reverse mask, and the mask bits must be consecutive;
vid-value: VLAN number, 1-4094;
vid-bitmask: VLAN mask, 0-4095, reverse mask, and the mask bits must be consecutive;
protocol: specific Ethernet protocol number, 1536-65535;
protocol-bitmask: protocol mask, 0-65535, reverse mask, and the mask bits must be consecutive.
Notice: "mask bit is consecutive" means that the effective bits must be contiguous, starting from the
first bit on the left, with no ineffective bit in between. For example, a one-byte reverse mask of
00001111b is permitted, as is the mask format 11110000b; 00010011b is not permitted.
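The consecutive-mask rule in the Notice, together with the reverse-mask matching used in this command's example, can be checked offline before a rule is entered. The Python below is an added example, not code from the manual or the switch firmware; the function names are hypothetical, and it assumes the usual reverse-mask convention that bits set to 1 are ignored and bits set to 0 must match.

```python
# Added illustration; function names are hypothetical, not switch firmware code.

def is_consecutive_reverse_mask(mask: int, width: int) -> bool:
    """True if mask has the form 0...01...1 within `width` bits (e.g. 00001111b)."""
    if not 0 <= mask < (1 << width):
        return False
    # A run of low-order ones equals 2**k - 1, so adding 1 clears every set bit.
    return mask & (mask + 1) == 0


def is_consecutive_mask(mask: int, width: int) -> bool:
    """True if mask has the form 1...10...0 (e.g. 11110000b)."""
    if not 0 <= mask < (1 << width):
        return False
    # A valid mask is the bitwise complement of a valid reverse mask.
    return is_consecutive_reverse_mask(~mask & ((1 << width) - 1), width)


def parse_mac(text: str) -> int:
    """Parse the manual's dash-separated notation (00-12-11-23-00-00) to a 48-bit int."""
    parts = text.split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return int("".join(parts), 16)


def mac_matches(addr: str, rule_mac: str, reverse_mask: str) -> bool:
    """Assumed semantics: 1 bits in the reverse mask are ignored, 0 bits must match."""
    care = ~parse_mac(reverse_mask) & 0xFFFFFFFFFFFF
    return (parse_mac(addr) & care) == (parse_mac(rule_mac) & care)


if __name__ == "__main__":
    # The three one-byte values quoted in the Notice.
    for m in (0b00001111, 0b00010011):
        print(f"{m:08b} as reverse mask: {is_consecutive_reverse_mask(m, 8)}")
    print(f"11110000 as mask: {is_consecutive_mask(0b11110000, 8)}")
    # Constructed source address checked against the rule from the manual's example.
    print(mac_matches("00-12-11-23-ab-cd", "00-12-11-23-00-00", "00-00-00-00-ff-ff"))
```

Use width 3 for cos-bitmask, 12 for vid-bitmask and 16 for protocol-bitmask, matching the ranges listed under Parameters.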
Command Mode:
Name extended MAC access-list configuration mode
Default configuration:
No access-list configured.
Example:
Deny forwarding of 802.3 data packets whose source MAC address is 00-12-11-23-XX-XX.
Switch(config)# mac-access-list extended macExt
Switch(Config-Mac-Ext-Nacl-macExt)# deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-mac untagged-802-3
Switch(Config-Mac-Ext-Nacl-macExt)# deny 00-12-11-23-00-00 00-00-00-00-ff-ff
any tagged-802