Cisco WS-C3560E-48PD-SF Command Reference - Page 332
mac access-list extended, deny MAC access-list, configuration, show access-lists
View all Cisco WS-C3560E-48PD-SF manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 332 highlights
permit (MAC access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Usage Guidelines You enter MAC access-list configuration mode by using the mac access-list extended global configuration command. If you use the host keyword, you cannot enter an address mask; if you do not use the any or host keywords, you must enter an address mask. After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets. For more information about MAC-named extended access lists, see the software configuration guide for this release. Examples This example shows how to define the MAC-named extended access list to allow NETBIOS traffic from any source to MAC address 00c0.00a0.03fa. Traffic matching this list is allowed. Switch(config-ext-macl)# permit any host 00c0.00a0.03fa netbios This example shows how to remove the permit condition from the MAC-named extended access list: Switch(config-ext-macl)# no permit any 00c0.00a0.03fa 0000.0000.0000 netbios This example permits all packets with Ethertype 0x4321: Switch(config-ext-macl)# permit any any 0x4321 0 You can verify your settings by entering the show access-lists privileged EXEC command. Related Commands Command deny (MAC access-list configuration) mac access-list extended show access-lists Description Denies non-IP traffic to be forwarded if conditions are matched. Creates an access list based on MAC addresses for non-IP traffic. Displays access control lists configured on a switch. 2-300 Catalyst 3560 Switch Command Reference 78-16405-05