Mac-access-list extended configuration context
Syntax
[no] SEQ-NUM < permit | deny > < any | host > SRC-MAC | SRC-MAC-MASK < any | host > DST-MAC | DST-MAC-MASK < any | ETHERTYPE cos COS log
[no] [<SEQ-NUM>] permit {any| host <SRC-MAC>|<SRC-MAC> <SRC-MAC-MASK>} {any|host <DST-MAC> | <DST-MAC> <DST-MAC-MASK>} {any|ETHERTYPE} [cos <priority>|vlan <vlan-id>] [log]
[no] [<SEQ-NUM>] deny {any| host <SRC-MAC>|<SRC-MAC> <SRC-MAC-MASK>} {any|host <DST-MAC> | <DST-MAC> <DST-MAC-MASK>} {any|ETHERTYPE} [cos <priority>|vlan <vlan-id>] [log]
Used to configure an extended MAC ACL. The extended capabilities allow for matching on source MAC address, destination Mac address, EtherType, CoS, and VLAN. The VLAN value is only applicable when the MAC ACL is applied to a port or trunk interface.
- permit
-
Packets matching the specified Ethernet Header information.
- deny
-
Packets matching the specified Ethernet Header information.
- any
-
Match packets with any source/destination MAC address.
- host
-
Match packets with the specified source/destination MAC address.
- SRC-MAC
-
Match packets belonging to the specified source/destination MAC address range.
- SRC-MAC-MASK
-
The source MAC address group mask.
- DST-MAC-MASK
-
The destination MAC address group mask.
- <0x600-0xFFFF>
-
Match a specific EtherType protocol.
- aarp
-
AppleTalk Address Resolution Protocol (AARP)
- appletalk
-
AppleTalk/EtherTalk
- arp
-
Address Resolution Protocol (ARP)
- fcoe
-
Fibre Channel over Ethernet
- fcoe-init
-
Fibre Channel over Ethernet Initialization
- lldp
-
Link Layer Discovery Protocol
- ip
-
Internet Protocol Version 4
- ipv6
-
Internet Protocol Version 6
- ipx-arpa
-
IPX Advanced Research Projects Agency (ARPA)
- ipx-non-arpa
-
IPX non-ARPA
- is-is
-
Intermediate System to Intermediate System
- mpls-unicast
-
MPLS Unicast
- mpls-multicast
-
MPLS Multicast
- rbridge
-
RBridge Channel Protocol
- trill
-
IETF TRILL protocol
- wake-on-lan
-
Wake on LAN
- log
-
Log a debug message when the MAC ACL rule is hit.
- cos
-
Match packets with a specified 802.1Q Priority Code Point value.
- vlan
-
Match packets with the specified VLAN value.
- VLAN-ID
-
Match packets with the specified VLAN value.
- <0-7>
-
Match packets with a specified 802.1Q Priority Code Point value.
Similar Command
(config)#ip access-list extended 100