3com 3CRUS2475 Manuale Utente
50
C
HAPTER
3: ACL C
OMMANDS
■
cos-wildcard — Specifies wildcard bits to be applied to the CoS.
■
eth-type — Specifies the packet’s Ethernet type.
Default Configuration
This command has no default configuration.
Command Mode
MAC-Access List Configuration mode
User Guidelines
MAC BPDU packets cannot be denied.
This command defines an Access Control Element (ACE). An ACE can
only be removed by deleting the ACL, using the no mac access-list
Global Configuration mode command. Alternatively, the Web-based
interface can be used to delete ACEs from an ACL.
only be removed by deleting the ACL, using the no mac access-list
Global Configuration mode command. Alternatively, the Web-based
interface can be used to delete ACEs from an ACL.
Before an Access Control Element (ACE) is added to an ACL, all packets
are permitted. After an ACE is added, an implied deny-any-any
condition exists at the end of the list and those packets that do not match
the conditions defined in the permit statement are denied.
are permitted. After an ACE is added, an implied deny-any-any
condition exists at the end of the list and those packets that do not match
the conditions defined in the permit statement are denied.
If the VLAN ID is specified, the policy map cannot be connected to the
VLAN interface.
VLAN interface.
Example
The following example shows how to create a MAC ACL with deny rules
on a device.
on a device.
service-acl
The service-acl Interface Configuration mode command applies an ACL
to the input interface. To detach an ACL from an input interface, use the
no form of this command.
to the input interface. To detach an ACL from an input interface, use the
no form of this command.
Syntax
service-acl {input acl-name}
no service-acl {input}
Console(config)# mac access-list macl1
Console (config-mac-acl)# deny 6:6:6:6:6:6:0:0:0:0:0:0 any