5 access-list(mac extended), Access, List – PLANET XGS3-24042 User Manual
Page 941: Mac extended
47-7
Switch(config)#access-list 20 deny 10.1.1.0 0.0.255.255
47.5 access-list(mac extended)
Command:
access-list <num> {deny | permit} {any-source-mac | {host-source-mac <host_smac>} |
{<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} |
{<dmac> <dmac-mask>}} {untagged-eth2 | tagged-eth2 | untagged-802-3 | tagged-802-3}
[<offset1> <length1> <value1> [ <offset2> <length2> <value2> [ <offset3> <length3>
<value3> [ <offset4> <length4> <value4> ]]]]]
no access-list <num>
Functions:
Define an extended numeric MAC ACL rule, “no access-list <num>” command deletes an
extended numeric MAC access-list rule.
Parameters:
<num> is the access-list No. which is a decimal’s No. from 1100-1199; deny if rules are matching,
deny access; permit if rules are matching, permit access; <any-source-mac> any source address;
<any-destination-mac> any destination address; <host_smac>, <smac> source MAC address;
<smac-mask> mask (reverse mask) of source MAC address; <host_dmac> , <dmac> destination
MAC address; <dmac-mask> mask (reverse mask) of destination MAC address; untagged-eth2
format of untagged ethernet II packet; tagged-eth2 format of tagged ethernet II packet;
untagged-802-3 format of untagged ethernet 802.3 packet; tagged-802-3 format of tagged
ethernet 802.3 packet. Offset(x) the offset from the packet head, the range is (12-79), the windows
must start from the back of source MAC, and the windows cannot superpose each other, and that is
to say: Offset(x+1) must be longer than Offset(x)+len(x); Length(x) length is 1-4, and Offset(x)
+Length(x) should not be longer than 80(currently should not be longer than 64); Value(x) hex
expression, Value range: when Length(x) =1, it is 0-ff, when Length(x) =2, it is 0-ffff , when
Length(x) =3, it is0-ffffff, when Length(x) =4, it is 0-ffffffff ;
For Offset(x), different types of data frames are with different value ranges:
for untagged-eth2 type frame: <12~75>
for untagged-802.2 type frame: <20~75>
for untagged-eth2 type frame: <12~79>
for untagged-eth2 type frame: <12~15> <24~79>
Command Mode:
Global mode
Default Configuration: