EasyManuals Logo
Home>Cisco>Switch>Catalyst 3750-X

Cisco Catalyst 3750-X User Manual

Cisco Catalyst 3750-X
1438 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #859 background imageLoading...
Page #859 background image
37-29
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 37 Configuring Network Security with ACLs
Creating Named MAC Extended ACLs
Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:
Use the no mac
access-list extended name global configuration command to delete the entire ACL. You
can also delete individual ACEs from named MAC extended ACLs.
This example shows how to create and display an access list named ma
c1, denying only EtherType
DECnet Phase IV traffic, but permitting all other types of traffic.
Switch(config)# mac access-list extended mac1
Switch(config-ext-macl)# deny any
any decnet-iv
Switch(config-ext-macl)# permit an
y any
Switch(config-ext-macl)# end
Switch # show access-lists
Extended MAC access list mac1
10 deny any any decnet-iv
20 permit any any
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
mac access-list extended name Define an extended MAC access list using a name.
Step 3
{deny | permit} {any | host source MAC
address | source MAC address mask} {any |
host destination MAC address | destination
MAC address mask} [type mask | lsap lsap mask
| aarp | amber | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000 | etype-8042 | lat
| lavc-sca | mop-console | mop-dump | msdos |
mumps | netbios | vines-echo |vines-ip |
xns-idp | 0-65535] [cos cos]
In extended MAC access-list configuration mode, specify to
permit or deny any
source MAC address, a source MAC address
with a mask, or a specific host source MAC address and any
destination MAC address, destination MAC address with a mask,
or a specific destination MAC address.
(Optional) You can also enter these options:
• type mask—An arbitrary EtherType number of a packet with
Ethernet II or SNAP encapsulation in decimal, hexadecimal,
or octal with optional mask of don’t care bits applied to the
EtherType before testing for a match.
• lsap lsap mask—An LSAP number of a packet with
IEEE 802.2 encapsulation in decimal, hexadecimal, or octal
wit
h optional mask of don’t care bits.
• aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm |
etype-6000 | etype-8042 | lat | lavc-sca | mop-console |
mop-dump | msdos | mumps | netbios | vines-echo |vines-ip
| xns-idp—A non-IP protocol.
• cos cos—An IEEE 802.1Q cost of service number from 0 to 7
used to set priority.
Step 4
end Return to privileged EXEC mode.
Step 5
show access-lists [number | name] Show the access list configuration.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.

Table of Contents

Other manuals for Cisco Catalyst 3750-X

Preview: Command Reference
Command Reference1244 pages
Preview: Message Guide
Message Guide150 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 3750-X and is the answer not in the manual?

Cisco Catalyst 3750-X Specifications

General IconGeneral
BrandCisco
ModelCatalyst 3750-X
CategorySwitch
LanguageEnglish

Related product manuals