4
127
User Guidelines
A MAC ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy
maps cannot have the same name
If ace-priority is omitted, the system sets the rule's priority to the current highest
priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If
the user types already existed priority, then the command is rejected.
Example
switchxxxxxx(config)# mac access-list extended server1
switchxxxxxx(config-mac-al)# permit 00:00:00:00:00:01 00:00:00:00:00:ff any
4.8
permit ( MAC )
Use the permit command in MAC Access-list Configuration mode to set permit
conditions (ACEs) for a MAC ACL. Use the no form of the command to remove the
access control entry.
Syntax
{any | source source-wildcard} {any | destination destination-wildcard}
permit
[
priority][eth-type 0 | aarp | amber | dec-spanning | decnet-iv |
ace-priority
diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [
time-range-name]
[log-input]
{any | source source-wildcard} {any | destination destination-wildcard}
no permit
[eth-type 0 | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000]
[vlan vlan-id] [cos cos cos-wildcard] [
[log-input]
Parameters
•
source
—Source MAC address of the packet.
•
source-wildcard
Use 1s in the bit position that you want to be ignored.
•
destination
—Destination MAC address of the packet.
•
destination-wildcard
address. Use 1s in the bit position that you want to be ignored.
time-range
—Wildcard bits to be applied to the source MAC address.
—Wildcard bits to be applied to the destination MAC
OL-32830-01 Command Line Interface Reference Guide
ACL Commands
time-range
time-range-name]