deny
deny
Use the deny MAC access list configuration command to prevent non-IP traffic from being forwarded
if the conditions are matched. Use the no form of this command to remove a deny condition from the
named MAC access list.
Note
Though visible in the command-line help strings, appletalk is not supported as a matching condition,
nor is matching on any SNAP-encapsulated packet with a non-zero Organizational Unique Identifier
(OUI).
Syntax Description
any
host src MAC-addr |
src-MAC-addr mask
host dst-MAC-addr |
dst-MAC-addr mask
type mask
aarp
amber
cos cos
dec-spanning
decnet-iv
diagnostic
dsm
etype-6000
etype-8042
Catalyst 3550 Multilayer Switch Command Reference
2-72
{deny | permit} {any | host src-MAC-addr | src-MAC-addr mask} {any | host dst-MAC-addr |
dst-MAC-addr mask} [type mask | aarp | amber | cos cos | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask |mop-console |
mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp]
no {deny | permit} {any | host src-MAC-addr | src-MAC-addr mask} {any | host dst-MAC-addr |
dst-MAC-addr mask} [type mask | aarp | amber | cos cos | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask | mop-console |
mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp]
Keyword to specify to deny any source or destination MAC address.
Define a host MAC address and optional subnet mask. If the source
address for a packet matches the defined address, non-IP traffic from that
address is denied.
Define a destination MAC address and optional subnet mask. If the
destination address for a packet matches the defined address, non-IP
traffic to that address is denied.
(Optional) Use the Ethertype number of a packet with Ethernet II or
SNAP encapsulation to identify the protocol of the packet.
The type is 0 to 65535, typically specified in hexadecimal.
The mask is a mask of don't care bits applied to the Ethertype before
testing for a match.
(Optional) Select Ethertype AppleTalk Address Resolution Protocol that
maps a data-link address to a network address.
(Optional) Select EtherType DEC-Amber.
(Optional) Select a class of service (CoS) number from 0 to 7 to set
priority. Filtering on CoS can be performed only in hardware. A warning
message reminds the user if the cos option is configured.
(Optional) Select EtherType Digital Equipment Corporation (DEC)
spanning tree.
(Optional) Select EtherType DECnet Phase IV protocol.
(Optional) Select EtherType DEC-Diagnostic.
(Optional) Select EtherType DEC-DSM.
(Optional) Select EtherType 0x6000.
(Optional) Select EtherType 0x8042.
Chapter 2
Catalyst 3550 Switch Cisco IOS Commands
OL-8566-02