Quick Reference Guide
82 ACL Commands
•
cos
— Specifies the packets’s Class of Service (CoS). (Range: 0 - 7)
•
cos-wildcard
— Specifies wildcard bits to be applied to the CoS.
•
eth-type
— Specifies the packet’s Ethernet type in hexadecimal format. (Range: 0 - 05dd-ffff)
•
inner-vlan
vlan id
— Specifies the inner vlan id of a double tagged packet.
Default Configuration
No MAC Access List is defined.
Command Mode
MAC-Access List Configuration mode.
User Guidelines
• The MAC ACL Global Configuration command allows access to the IP-Access List Configuration
mode.
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE
is added, an implied
deny-any-any
condition exists at the end of the list and those packets that do not
match the conditions defined in the permit statement are denied.
Example
The following example shows how to create a MAC ACL with deny rules on a device.
service-acl
The service-acl Interface Configuration (Ethernet, port-channel) mode command applies an ACL to the
input interface. Use the no form of this command to detach an ACL from an input interface.
Syntax
•
service-acl
{
input
acl-name | acl-name
}
•
no
service-acl
{
input
}
•
input
— Applies the specified ACL to the input interface.
Default Configuration
This command has no default configuration.
Command Mode
Interface Configuration (Ethernet, port-channel) mode.
Console(config)# mac access-list macl1
Console (config-mac-acl)# deny 6:6:6:6:6:6:0:0:0:0:0:0 any
5400_CLI.book Page 82 Wednesday, December 17, 2008 4:33 PM