6 access-list(mac-ip extended), Access, List – PLANET XGS3-24040 User Manual


Commands for Security Function Chapter 2 Commands for 802.1x


Examples: Permit tagged-eth2 packets with any source MAC address and any destination MAC address, and whose 17th and 18th bytes are 0x08, 0x00, to pass.

Switch(config)#access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 16 2 0800

41.6 access-list(mac-ip extended)

Command:

access-list <num> {deny|permit}
    {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}}
    {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}}
    icmp
    {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}}
    {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}}
    [<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

access-list <num> {deny|permit}
    {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}}
    {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}}
    igmp
    {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}}
    {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}}
    [<igmp-type>] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

access-list <num> {deny|permit}
    {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}}
    {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}}
    tcp
    {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}}
    [s-port {<port1> | range <sPortMin> <sPortMax>}]
    {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}}
    [d-port {<port3> | range <dPortMin> <dPortMax>}]
    [ack+fin+psh+rst+urg+syn] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

access-list <num> {deny|permit}
    {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}}
    {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}}
    udp
    {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}}
    [s-port {<port1> | range <sPortMin> <sPortMax>}]
    {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}}
    [d-port {<port3> | range <dPortMin> <dPortMax>}]
    [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

access-list <num> {deny|permit}
    {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}}
    {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}}
    {eigrp | gre | igrp | ip | ipinip | ospf | {<protocol-num>}}
    {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}}
    {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}}
    [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

Functions: Define an extended numeric MAC-IP ACL rule; the 'no' command deletes an extended numeric MAC-IP ACL access-list rule.
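The command syntax fixes the order of the fields in every rule, so a saved configuration can be checked mechanically for rules that are wider than intended. The following Python is an added example, not part of the PLANET manual: it splits a rule into the documented fields and flags permit rules that leave every MAC and IP selector, or a TCP/UDP destination port, unrestricted. The function names and the sample rules (including their MAC and IP literals) are assumptions made for illustration.

```python
MAC_IP_IDS = range(3100, 3300)  # the page gives 3100-3299 for numeric MAC-IP ACLs

def _selector(t, any_kw, host_kw):
    """Consume any-*, host-* <value>, or <value> <mask>; values stay opaque strings."""
    head = t.pop(0)
    if head == any_kw:
        return ("any",)
    return ("host", t.pop(0)) if head == host_kw else ("masked", head, t.pop(0))

def _port(t, kw):
    """Consume optional '<kw> {<port> | range <min> <max>}'; return (min, max) or None."""
    if t[:1] != [kw]:
        return None
    is_range = t[1] == "range"
    lo, hi = (t[2], t[3]) if is_range else (t[1], t[1])
    del t[:4 if is_range else 2]
    return (int(lo), int(hi))

def parse_rule(line):
    """Split one rule into its fields, in the order the command syntax lists them."""
    t = line.split()
    try:
        cmd, num, action = t.pop(0), int(t.pop(0)), t.pop(0)
        if cmd != "access-list" or num not in MAC_IP_IDS or action not in ("deny", "permit"):
            raise ValueError("not a numeric MAC-IP extended rule: " + line)
        return {"num": num, "action": action,
                "smac": _selector(t, "any-source-mac", "host-source-mac"),
                "dmac": _selector(t, "any-destination-mac", "host-destination-mac"),
                "protocol": t.pop(0),
                "src": _selector(t, "any-source", "host-source"), "s_port": _port(t, "s-port"),
                "dst": _selector(t, "any-destination", "host-destination"),
                "d_port": _port(t, "d-port"), "options": t}  # options: type, flags, tos, ...
    except IndexError:
        raise ValueError("truncated rule: " + line) from None

def audit(rule):
    """Flag permit rules that leave every MAC/IP selector, or a TCP/UDP d-port, open."""
    if rule["action"] != "permit":
        return []
    wide = all(rule[k][0] == "any" for k in ("smac", "dmac", "src", "dst"))
    no_dport = rule["protocol"] in ("tcp", "udp") and rule["d_port"] is None
    return ["any MAC and any IP"] * wide + ["no d-port restriction"] * no_dport

SAMPLE = [  # constructed rules; the MAC and IP literals are placeholders, not from the manual
    "access-list 3100 permit any-source-mac any-destination-mac ip any-source any-destination",
    "access-list 3100 permit host-source-mac 00-11-22-33-44-55 any-destination-mac tcp"
    " host-source 192.0.2.10 any-destination d-port 443",
    "access-list 3101 deny any-source-mac any-destination-mac udp any-source s-port range 1024 65535 any-destination",
]
```

Running `audit(parse_rule(line))` over each line of a configuration lists the permit rules worth a second look; rules outside the 3100-3299 range raise `ValueError` and can be routed to a different checker.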

Parameters: num is the access-list serial number, a decimal number from 3100-3299; deny if rules are