Mac-access-list extended configuration context
Syntax
[no] SEQ-NUM < permit | deny > < any | host > SRC-MAC | SRC-MAC-MASK < any | host > DST-MAC | DST-MAC-MASK < any | ETHERTYPE cos COS log
Used to configure an extended MAC ACL. The extended capabilities allow for matching on source MAC address, destination Mac address, EtherType, CoS, and VLAN. The VLAN value is only applicable when the MAC ACL is applied to a port or trunk interface.
- permit
Packets matching the specified Ethernet Header information.
- deny
Packets matching the specified Ethernet Header information.
- any
Match packets with any source/destination MAC address.
- host
Match packets with the specified source/destination MAC address.
- SRC-MAC
Match packets belonging to the specified source/destination MAC address range.
- SRC-MAC-MASK
The source MAC address group mask.
- DST-MAC-MASK
The destination MAC address group mask.
- <0x600-0xFFFF>
Match a specific EtherType protocol.
- aarp
AppleTalk Address Resolution Protocol (AARP)
- appletalk
AppleTalk/EtherTalk
- arp
Address Resolution Protocol (ARP)
- fcoe
Fibre Channel over Ethernet
- fcoe-init
Fibre Channel over Ethernet Initialization
- lldp
Link Layer Discovery Protocol
- ip
Internet Protocol Version 4
- ipv6
Internet Protocol Version 6
- ipx-arpa
IPX Advanced Research Projects Agency (ARPA)
- ipx-non-arpa
IPX non-ARPA
- is-is
Intermediate System to Intermediate System
- mpls-unicast
MPLS Unicast
- mpls-multicast
MPLS Multicast
- q-in-q
IEEE 802.1ad encapsulation
- rbridge
RBridge Channel Protocol
- trill
IETF TRILL protocol
- wake-on-lan
Wake on LAN
- log
Log a debug message when the MAC ACL rule is hit.
- cos
Match packets with a specified 802.1Q Priority Code Point value.
- vlan
Match packets with the specified VLAN value.
- VLAN-ID
Match packets with the specified VLAN value.
- <0-7>
Match packets with a specified 802.1Q Priority Code Point value.
Similar Command
(config)#ip access-list extended 100