767
means the address is the that the destination host address, otherwise the network IP
address; destination-wildcard: mask of destination. I Numbers of 32-bit binary system
expressed by decimal’s numbers with four-point separated, reverse mask;
s-port(optional): means the need to match TCP/UDP source port; port1(optional): value of
TCP/UDP source interface No., Interface No. is an integer from 0-65535; d-port(optional):
means need to match TCP/UDP destination interface; port3(optional): value of TCP/UDP
destination interface No., Interface No. is an integer from 0-65535; [ack] [fin] [psh] [rst]
[urg] [syn],(optional) only for TCP protocol,multi-choices of tag positions are available,
and when TCP data reports the configuration of corresponding position, then initialization
of TCP data report is enabled to form a match when in connection; precedence (optional)
packets can be filtered by priority which is a number from 0-7; tos (optional) packets can
be filtered by service type which ia number from 0-15; icmp-type (optional) ICMP
packets can be filtered by packet type which is a number from 0-255; icmp-code (optional)
ICMP packets can be filtered by packet code which is a number from 0-255; igmp-type
(optional) ICMP packets can be filtered by IGMP packet name or packet type which is a
number from 0-255; <time-range-name>, name of time range
Command Mode:
Global mode
Default Configuration:
no access-list configured
Usage Guide:
When the user assign specific <num>
for the first time, ACL of the serial
number is created, then the lists are added into this ACL.
Examples:
Permit the passage of TCP packet with source MAC 00-12-34-45-XX-XX, any
destination MAC address, source IP address 100.1.1.0 0.255.255.255, and source port
100 and destination interface 40000.
Switch(Config)#access-list 3199 permit 00-12-34-45-67-00 00-00-00-00-FF-FF
any-destination-mac tcp 100.1.1.0 0.255.255.255 s-port 100 any-destination d-port 40000
19.2.2.7 access-list(mac standard)
Command: access-list <num> {deny|permit} {any-source-mac | {host-source-mac
<host_smac> } | {<smac> <smac-mask>} }
no access-list <num>
Functions:
Define a standard numeric MAC ACL rule, ‘
no access-list <num>
’ command
deletes a standard numeric MAC ACL access-list rule
Parameters:
<num>
is the access-list No. which is a decimal’s No. from 700-799;
deny
if rules are matching, deny access;
permit
if rules are matching, permit access;
<host_smac>, <sumac>
source MAC address;
<sumac-mask>
mask (reverse mask) of
source MAC address
Command Mode:
Global mode
Default Configuration :
No access-list configured