24 permit | deny(mac-ip extended), Permit, Deny – PLANET XGS3-24040 User Manual
Page 745: Ip extended
Commands for Security Function Chapter 2 Commands for 802.1x
41-17
Notice: mask bit is consecutive means the effective bit must be consecutively effective from the first bit
on the left, no ineffective bit can be added through. For example: the reverse mask format of one byte is:
00001111b; mask format is 11110000; and this is not permitted: 00010011.
Command Mode: Name extended MAC access-list configuration mode
Default configuration: No access-list configured.
Example: The forward source MAC address is not permitted as 00-12-11-23-XX-XX of 802.3 data
packet.
Switch(config)# mac-access-list extended macExt
Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00
00-00-00-00-ff-ff
any-destination-mac untagged-802-3
Switch(Config-Mac-Ext-Nacl-macExt)# deny 00-12-11-23-00-00 00-00-00-00-ff-ff
any tagged-802
41.24 permit | deny(mac-ip extended)
Command:
[no] {deny|permit}
{any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}}
{any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}}
icmp{{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}}
{{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}}
[<icmp-type>
[<icmp-code>]] [precedence <precedence>] [tos
<tos>][time-range<time-range-name>]
[no]{deny|permit}
{any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}}
{any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}}
igmp{{<source><source-wildcard>}|any-source| {host-source<source-host-ip>}}
{{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}}
[<igmp-type>] [precedence <precedence>] [tos <tos>][time-range<time-range-name>]
[no]{deny|permit}{any-source-mac|{host-source-mac
<host_smac>
}| { <smac>
<smac-mask>
}}{any-destination-mac|{host-destination-mac
<host_dmac>
}|{
<dmac>
<dmac-mask>
}}tcp{{
<source> <source-wildcard>
}|any-source| {host-source
<source-host-ip> }}[s-port { <port1> | range <sPortMin> <sPortMax> }] {{ <destination>
<destination-wildcard> } | any-destination| {host-destination <destination-host-ip> }} [d-port
{ <port3> | range <dPortMin> <dPortMax> }] [ack + fin + psh + rst + urg + syn] [precedence
<precedence> ] [tos <tos> ][time-range <time-range-name> ]