Configuring ACL
ACL Configuration
User Guide
607
Step 2
access-list create
acl-id
[name
acl-name
]
Create a MAC ACL.
acl-id:
Enter an ACL ID. The ID ranges from 0 to 499.
acl-name:
Enter a name to identify the ACL.
Step 3
access-list mac
acl-id-or-name
rule
{ auto |
rule-id } { deny | permit }
logging
{enable | disable}
[
smac
source-mac
smask
source-mac-mask ] [
dmac
destination-mac
dmask
destination-
mac-mask ] [
type
ether-type] [
pri
dot1p-priority] [
vid
vlan-id] [
tseg
time-range-name]
Add a MAC ACL Rule.
acl-id-or-name
: Enter the ID or name of the ACL that you want to add a rule for.
auto:
The rule ID will be assigned automatically and the interval between rule IDs is 5.
rule-id
: Assign an ID to the rule.
deny | permit
: Specify the action to be taken with the packets that match the rule. By default, it
is set to permit. The packets will be discarded if “deny” is selected and forwarded if “permit” is
selected.
logging
{enable | disable}
: Enable or disable Logging function for the ACL rule. If "enable" is
selected, the times that the rule is matched will be logged every 5 minutes. With ACL Counter
trap enabled, a related trap will be generated if the matching times changes.
source-mac
: Enter the source MAC address. The format is FF:FF:FF:FF:FF:FF.
source-mac-mask
: Enter the mask of the source MAC address. This is required if a source
MAC address is entered. The format is FF:FF:FF:FF:FF:FF.
destination-mac
: Enter the destination MAC address. The format is FF:FF:FF:FF:FF:FF.
destination-mac-mask
: Enter the mask of the destination MAC address. This is required if a
destination MAC address is entered. The format is FF:FF:FF:FF:FF:FF.
ether-type
: Specify an Ethernet-type with 4 hexadecimal numbers.
dot1p-priority
: The user priority ranges from 0 to 7. The default is No Limit.
vlan-id
: The VLAN ID ranges from 1 to 4094.
time-range-name
: The name of the time-range. The default is No Limit.
Step 4
exit
Return to global configuration mode.
Step 5
show access-list
[
acl-id-or-name ]
Display the current ACL configuration.
acl-id-or-name
: The ID number or name of the ACL.
Step 6
end
Return to privileged EXEC mode.
Downloaded from