mac access-list filter

Use this command to define an access control entry (ACE) in a mac access control list (ACL) that determines whether to permit or deny packets with the given source and destination MAC, ethertype cos and VLAN identifiers.

Use the no form of this command to remove an ACL specification. ACL specification can be removed using the sequence number as well.

Configuring same filter again with change of sequence number or change of action will result in update of sequence number or filter action.

Ether type option is not supported by hardware in egress direction

Command Syntax

Copy 
(<1-268435453>|)(deny|permit) (any | (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) | host (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)) (any | (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) | host (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)) (aarp|appletalk|decnet- iv|diagnostic|etype-6000|etype-8042 |ip4|ip6|lat|lavc-sca|mop-console|mop- dump|vines-echo|WORD|) (cos <0-7>|)(vlan <1-4094>|) (inner-vlan <1-4094>|) (log|) (sample|)

no (<1-268435453>|)(deny|permit) (any | (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) | host (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)) (any | (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) | host (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)) (aarp|appletalk|decnet- iv|diagnostic|etype-6000|etype-8042 |ip4|ip6|lat|lavc-sca|mop-console|mop- dump|vines-echo|WORD|) (cos <0-7>|)(vlan <1-4094>|) (inner-vlan <1-4094>|) (log|) (sample|)

no (<1-268435453>)    

Parameter

 

deny

Drop the packet.

permit

Accept the packet.

<1-268435453>

IPv4 ACL sequence number.

any

Source/Destination any.

XX-XX-XX-XX-XX-XX

Source/Destination MAC address (Option 1).

XX:XX:XX:XX:XX:XX

Source/Destination MAC address (Option 2).

XXXX.XXXX.XXXX

Source/Destination MAC address (Option 3).

XX-XX-XX-XX-XX-XX

Source/Destination wildcard (Option1).

XX:XX:XX:XX:XX:XX

Source/Destination wildcard (Option2).

XXXX.XXXX.XXXX

Source/Destination wildcard (Option3).

host

A single source/destination host.

aarp

Ethertype - 0x80f3.

appletalk

Ethertype - 0x809b.

decnet-iv

Ethertype - 0x6003.

diagnostic

Ethertype - 0x6005.

etype-6000

Ethertype - 0x6000.

etype-8042

Ethertype - 0x8042.

ip4

Ethertype - 0x0800.

ip6

Ethertype - 0x86dd.

lat

Ethertype - 0x6004.

lavc-sca

Ethertype - 0x6007.

mop-console

Ethertype - 0x6002.

mop-dump

Ethertype - 0x6001.

vines-echo

Ethertype - 0x0baf.

WORD

Any Ethertype value.

cos <0-7>

Cos value.

vlan <1-4094>

VLAN identifier.

inner-vlan <1-4094>

 

Inner-VLAN identifier.

log

Log the packets matching the filter (in-direction only).

sample

Sample the packets matching the filter (in-direction only).

Default

None

Command Mode

MAC ACL mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

Copy

#configure terminal
(config)#mac access-list mac-acl-01
(config-mac-acl)#permit 0000.1234.1234 0000.0000.0000 any 
            

(config-mac-acl)#permit 0000.1234.1234 0000.0000.0000 any sample