mac access extended – PLANET XGS3-24042 User Manual


3. An IP ACL that matches flowlabel cannot be bound.

ACLs are divided into four kinds according to the packet header fields concerned: MAC ACL, IP ACL, MAC-IP ACL and IPv6 ACL. The ACL filter behavior (permit, deny) can conflict when a data packet matches more than one of the four ACL types. A strict priority is specified for each ACL based on outcome veracity. When the filter behavior conflicts, the priority determines the final filter behavior for the packet.

When binding an ACL to a port, the following limits apply:

1. Each port can bind a MAC-IP ACL, an IP ACL, a MAC ACL and an IPv6 ACL;

2. When four ACLs are bound and a data packet matches several of them simultaneously, the priority from high to low is as follows:

Ingress IPv6 ACL

Ingress MAC-IP ACL

Ingress MAC ACL

Ingress IP ACL

Example:

Bind the AAA access-list to the ingress direction of the port.

Switch(Config-If-Ethernet1/0/1)#ip access-group aaa in

47.16 mac access extended

Command:

mac-access-list extended <name>

no mac-access-list extended <name>

Functions:

Defines a named MAC ACL or enters access-list configuration mode; the “no mac-access-list extended <name>” command deletes this ACL.

Parameters:

<name> is the name of the access-list. It must not contain a blank or a quotation mark, it must start with a letter, and its length cannot exceed 32. (Remark: the name is case-sensitive.)

Command Mode:

Global mode

Default Configuration:

No access-lists configured.

Usage Guide:

When this command is issued for the first time, only an empty named access-list is created, and it contains no list items.
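The ingress priority order and the access-list name rule described above can be checked offline before a configuration is pushed; the following is an added example, not code from the manual or from PLANET. The `Port` class, the function names, the rejection of a second ACL of the same type, and the reading of "letter" as ASCII and "blank" as any whitespace are assumptions.

```python
import re

# Ingress priority from high to low, as listed in the manual.
PRIORITY = ["ipv6", "mac-ip", "mac", "ip"]

# Name rule from the manual: starts with a letter, no blank or quotation
# mark, length at most 32. Assumption: ASCII letters, any whitespace counts
# as a blank, and both ' and " count as quotation marks.
NAME_RE = re.compile(r"[A-Za-z][^\s\"']{0,31}")


def valid_acl_name(name):
    return NAME_RE.fullmatch(name) is not None


class Port:
    """Hypothetical model of one port's ingress ACL bindings."""

    def __init__(self, ident):
        self.ident = ident
        self.bound = {}  # ACL type -> ACL name (names are case-sensitive)

    def bind(self, acl_type, name):
        if acl_type not in PRIORITY:
            raise ValueError(f"unknown ACL type: {acl_type}")
        if not valid_acl_name(name):
            raise ValueError(f"invalid ACL name: {name!r}")
        # The manual allows one ACL of each type per port. Rejecting a
        # second one is a choice of this model, not documented behavior.
        if acl_type in self.bound:
            raise ValueError(f"{self.ident}: {acl_type} ACL already bound")
        self.bound[acl_type] = name

    def effective(self, verdicts):
        """verdicts maps the name of each ACL the packet matched to
        'permit' or 'deny'. Returns (type, name, action) of the
        highest-priority matching ACL, or None if no bound ACL matched."""
        for acl_type in PRIORITY:
            name = self.bound.get(acl_type)
            if name in verdicts:
                return acl_type, name, verdicts[name]
        return None


if __name__ == "__main__":
    port = Port("Ethernet1/0/1")
    port.bind("ip", "aaa")         # name taken from the manual's example
    port.bind("mac", "MacFilter")  # constructed name
    # Constructed conflict: the IP ACL permits, the MAC ACL denies.
    print(port.effective({"aaa": "permit", "MacFilter": "deny"}))
```

What happens to a packet that matches no bound ACL is not covered on this page, so `effective` returns `None` in that case instead of guessing a default action.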
