PLANET WGSW-52040 User Manual
Page 618
38-158
[ <cos-bitmask> ]] [vlanId <vid-value> [ <vid-mask> ]] [ethertype <protocol> [ <protocol-mask> ]]
[no]{deny|permit} {any-source-mac|{host-source-mac <host_smac> }|{ <smac> <smac-mask> }}
{any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }} [untagged-eth2
[ethertype <protocol> [protocol-mask]]]
[no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }|{ <smac> <smac-mask> }}
{any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }} [untagged-802-3]
[no]{deny|permit} {any-source-mac|{host-source-mac <host_smac> }|{ <smac> <smac-mask> }}
{any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }} [tagged-eth2 [cos
<cos-val> [ <cos-bitmask> ]] [vlanId <vid-value> [ <vid-mask> ]] [ethertype <protocol> [ <protocol-mask> ]]]
[no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }|{ <smac> <smac-mask> }}
{any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }} [tagged-802-3 [cos
<cos-val> [ <cos-bitmask> ]] [vlanId <vid-value> [ <vid-mask> ]]]
Functions:
Define an extended name MAC ACL rule, and no command deletes this extended name IP access rule.
Parameters:
any-source-mac: any source of MAC address; any-destination-mac: any destination of MAC address; host_smac,
smac: source MAC address; smac-mask: mask (reverse mask) of source MAC address; host_dmac, dmas
destination MAC address; dmac-mask mask (reverse mask) of destination MAC address; untagged-eth2 format of
untagged ethernet II packet; tagged-eth2 format of tagged ethernet II packet; untagged-802-3 format of untagged
ethernet 802.3 packet; tagged-802-3 format of tagged ethernet 802.3 packet; cos-val: cos value, 0-7; cos-bitmask:
cos mask, 0-7reverse mask and mask bit is consecutive; vid-value: VLAN No, 1-4094; vid-bitmask: VLAN mask,
0-4095, reverse mask and mask bit is consecutive; protocol: specific Ethernet protocol No., 1536-65535;
protocol-bitmask: protocol mask, 0-65535, reverse mask and mask bit is consecutive.
Notice: mask bit is consecutive means the effective bit must be consecutively effective from the first bit on the left,
no ineffective bit can be added through. For example: the reverse mask format of one byte is: 00001111b; mask
format is 11110000; and this is not permitted: 00010011.
Command Mode:
Name extended MAC access-list configuration mode
Default configuration:
No access-list configured.
Example:
The forward source MAC address is not permitted as 00-12-11-23-XX-XX of 802.3 data packet.
Switch(config)# mac-access-list extended macExt
Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-mac
untagged-802-3