3com 3CRUS2475 Manuale Utente
deny (MAC)
49
User Guidelines
Before an Access Control Element (ACE) is added to an ACL, all packets
are permitted. After an ACE is added, an implied deny-any-any
condition exists at the end of the list and those packets that do not match
the conditions defined in the permit statement are denied.
are permitted. After an ACE is added, an implied deny-any-any
condition exists at the end of the list and those packets that do not match
the conditions defined in the permit statement are denied.
If the VLAN ID is specified, the policy map cannot be connected to the
VLAN interface.
VLAN interface.
Example
The following example shows how to create a MAC ACL with permit
rules.
rules.
deny (MAC)
The deny MAC-Access List Configuration mode command denies traffic
if the conditions defined in the deny statement match.
if the conditions defined in the deny statement match.
Syntax
deny [disable-port] {any | {source source-wildcard} {any | {destination
destination- wildcard}}[vlan vlan-id] [cos cos cos-wildcard] [ethtype
eth-type]
destination- wildcard}}[vlan vlan-id] [cos cos cos-wildcard] [ethtype
eth-type]
Parameters
■
disable-port — Indicates that the port is disabled if the statement is
deny.
deny.
■
source — Specifies the MAC address of the host from which the
packet was sent.
packet was sent.
■
source-wildcard — (Optional for the first type) Specifies wildcard bits
by placing 1s in bit positions to be ignored.
by placing 1s in bit positions to be ignored.
■
destination — Specifies the MAC address of the host to which the
packet is being sent.
packet is being sent.
■
destination-wildcard — (Optional for the first type) Specifies wildcard
bits by placing 1s in bit positions to be ignored.
bits by placing 1s in bit positions to be ignored.
■
vlan-id — Specifies the ID of the packet vlan.
■
cos — Specifies the packets’s Class of Service (CoS).
Console(config)# mac access-list macl-acl1
Console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any
vlan 6