Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco ASA Series CLI Configuration Guide
Chapter 1 Adding an EtherType Access List
Configuring EtherType Access Lists
Step 1 Create an access list by adding an ACE and applying an access list name, as shown in the “Adding EtherType Access Lists” section on page 1-3.
Step 2 Apply the access list to an interface. (See the “Configuring Access Rules” section on page 1-7 for more information.)
Adding EtherType Access Lists
To configure an access list that controls traffic based upon its EtherType, perform the following steps:
Detailed Steps
Command:
access-list access_list_name ethertype {deny | permit} {ipx | bpdu | mpls-unicast | mpls-multicast | any | hex_number}

Example:
hostname(config)# access-list ETHER ethertype permit ipx

Purpose:
Adds an EtherType ACE.

The access_list_name argument lists the name or number of an access list. When you specify an access list name, the ACE is added to the end of the access list. Enter the access_list_name in upper case letters so that the name is easy to see in the configuration. You might want to name the access list for the interface (for example, INSIDE) or for the purpose (for example, MPLS or PIX).

The permit keyword permits access if the conditions are matched. deny denies access.

The ipx keyword specifies access to IPX.

The bpdu keyword specifies access to bridge protocol data units, which are allowed by default.

The deny keyword denies access if the conditions are matched. If an EtherType access list is configured to deny all, all Ethernet frames are discarded. Only physical protocol traffic, such as auto-negotiation, is still allowed.

The mpls-multicast keyword specifies access to MPLS multicast.

The mpls-unicast keyword specifies access to MPLS unicast.

The any keyword specifies access to any traffic.

The hex_number argument indicates any EtherType that can be identified by a 16-bit hexadecimal number greater than or equal to 0x600. (See RFC 1700, “Assigned Numbers,” at http://www.ietf.org/rfc/rfc1700.txt for a list of EtherTypes.)

Note To remove an EtherType ACE, enter the no access-list command with the entire command syntax string as it appears in the configuration.
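
Added example (not from the Cisco guide): a Python audit of the EtherType ACEs in a saved configuration. It checks the hex_number range described above and flags a leading deny any or ACEs placed after an any entry. The sample configuration is constructed; the 0x prefix requirement and the first-match evaluation order are assumptions.

```python
import re

# Keywords the page lists for an EtherType ACE; any other value must be hex_number.
KEYWORDS = {"ipx", "bpdu", "mpls-unicast", "mpls-multicast", "any"}
ACE_RE = re.compile(r"^\s*access-list\s+(\S+)\s+ethertype\s+(permit|deny)\s+(\S+)\s*$", re.I)

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
access-list ETHER ethertype permit ipx
access-list ETHER ethertype permit 0x8863
access-list ETHER ethertype deny any
access-list ETHER ethertype permit bpdu
access-list LAB ethertype permit 0x05ff
access-list OUTSIDE extended permit ip any any
"""

def parse_ethertype_aces(config_text):
    """Return ({acl_name: [(action, match), ...]}, [(line, acl, problem), ...])."""
    acls, problems = {}, []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ACE_RE.match(line)
        if not m:
            continue  # not an EtherType ACE (for example, an extended ACL line)
        name, action, match = m.group(1), m.group(2).lower(), m.group(3).lower()
        if match not in KEYWORDS:
            # Assumption: hex_number is written with a 0x prefix, as on the page.
            ok = re.fullmatch(r"0x[0-9a-f]+", match) and 0x600 <= int(match, 16) <= 0xFFFF
            if not ok:
                problems.append((lineno, name, f"{match}: not a keyword or hex in 0x600-0xffff"))
                continue
        acls.setdefault(name, []).append((action, match))
    return acls, problems

def audit(acls):
    """Flag ACLs that discard every frame and ACEs shadowed by an earlier 'any'."""
    findings = []
    for name, aces in acls.items():
        if aces[0] == ("deny", "any"):
            findings.append((name, "first ACE is 'deny any': all Ethernet frames are discarded"))
        # Assumption: ACEs are evaluated in order and the first match wins.
        for i, (action, match) in enumerate(aces[:-1]):
            if match == "any":
                findings.append((name, f"{len(aces) - 1 - i} ACE(s) after '{action} any' can never match"))
                break
    return findings

if __name__ == "__main__":
    acls, problems = parse_ethertype_aces(SAMPLE_CONFIG)
    print(*problems, *audit(acls), sep="\n")
```

Because a new ACE is added to the end of the named list, the permit bpdu line in the sample lands after deny any and is reported as unreachable.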
