5 access-list(mac extended), Access, List – PLANET XGS3-24040 User Manual
Page 733: Mac extended
Commands for Security Function Chapter 2 Commands for 802.1x
41-5
notation.
Command Mode: Global mode
Default: No access-lists configured.
Usage Guide: When the user assign specific <num> for the first time, ACL of the serial number is
created, then the lists are added into this ACL.
Examples: Create a numeric standard IP access-list whose serial No. is 20, and permit date packets with
source address of 10.1.1.0/24 to pass, and deny other packets with source address of 10.1.1.0/16.
Switch(config)#access-list 20 permit 10.1.1.0 0.0.0.255
Switch(config)#access-list 20 deny 10.1.1.0 0.0.255.255
41.5 access-list(mac extended)
Command: access-list <num> {deny | permit} {any-source-mac | {host-source-mac <host_smac>}
| {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac>
<dmac-mask>}} {untagged-eth2|tagged-eth2| untagged-802-3 |tagged-802-3}[ <offset1> <length1>
<value1> [ <offset2> <length2> <value2> [ <offset3> <length3> <value3> [ <offset4> <length4>
<value4> ]]]]]
no access-list <num>
Functions: Define a extended numeric MAC ACL rule, “no access-list <num>” command deletes an
extended numeric MAC access-list rule.
Parameters:
<num> is the access-list No. which is a decimal’s No. from 1100-1199; deny if rules are matching, deny
access; permit if rules are matching, permit access; <any-source-mac> any source address;
<any-destination-mac> any destination address; <host_smac>, <smac> source MAC address;
<smac-mask> mask (reverse mask) of source MAC address; <host_dmac> , <dmac> destination MAC
address; <dmac-mask> mask (reverse mask) of destination MAC address; untagged-eth2 format of
untagged ethernet II packet; tagged-eth2 format of tagged ethernet II packet; untagged-802-3 format
of untagged ethernet 802.3 packet; tagged-802-3 format of tagged ethernet 802.3 packet. Offset(x) the
offset from the packet head, the range is (12-79), the windows must start from the back of source MAC,
and the windows cannot superpose each other, and that is to say: Offset(x+1) must be longer than
Offset(x)+len(x); Length(x) length is 1-4 , and Offset(x)+Length(x) should not be longer than 80
(currently should not be longer than 64); Value(x) hex expression, Value range: when Length(x)
=1, it is 0-ff , when Length(x) =2, it is 0-ffff , when Length(x) =3, it is0-ffffff, when Length(x) =4, it is
0-ffffffff ;
For Offset(x), different types of data frames are with different value ranges:
for untagged-eth2 type frame: <12~52>
for untagged-802.2 type frame: <12~60>
for untagged-eth2 type frame: <12~56>
for untagged-eth2 type frame: <12~64>
Command Mode: Global mode
Default Configuration: No access-list configured
Usage Guide: When the user assign specific <num> for the first time, ACL of the serial number is
created, then the lists are added into this ACL.