Microsoft ES4612 Manuel D’Utilisation
Access Control List Commands
4-107
4
Example
This example shows how to create an Ingress MAC ACL and bind it to a port. You
can then see that the order of the rules have been changed by the mask.
can then see that the order of the rules have been changed by the mask.
This example creates an Egress MAC ACL.
Console(config)#access-list mac M4
Console(config-mac-acl)#permit any any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11
Console(config-mac-acl)#permit any any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11
ff-ff-ff-ff-ff-ff any vid 3
Console(config-mac-acl)#end
Console#show access-list
MAC access-list M4:
permit any any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M4 in
Console(config-if)#end
Console#show access-list
MAC access-list M4:
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
permit any any
MAC ingress mask ACL:
mask pktformat host any vid
Console#
Console#show access-list
MAC access-list M4:
permit any any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M4 in
Console(config-if)#end
Console#show access-list
MAC access-list M4:
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
permit any any
MAC ingress mask ACL:
mask pktformat host any vid
Console#
Console(config)#access-list mac M5
Console(config-mac-acl)#deny tagged-802.3 host 00-11-11-11-11-11 any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11
Console(config-mac-acl)#deny tagged-802.3 host 00-11-11-11-11-11 any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11
ff-ff-ff-ff-ff-ff any vid 3 ethertype 0806
Console(config-mac-acl)#end
Console#show access-list
MAC access-list M5:
deny tagged-802.3 host 00-11-11-11-11-11 any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806
Console(config)#access-list mac mask-precedence out
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/5
Console(config-if)#mac access-group M5 out
Console(config-if)#end
Console#show access-list
MAC access-list M5:
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806
deny tagged-802.3 host 00-11-11-11-11-11 any
MAC ingress mask ACL:
mask pktformat host any vid ethertype
Console#
Console#show access-list
MAC access-list M5:
deny tagged-802.3 host 00-11-11-11-11-11 any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806
Console(config)#access-list mac mask-precedence out
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/5
Console(config-if)#mac access-group M5 out
Console(config-if)#end
Console#show access-list
MAC access-list M5:
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806
deny tagged-802.3 host 00-11-11-11-11-11 any
MAC ingress mask ACL:
mask pktformat host any vid ethertype
Console#