Configuring Network Security with ACLs
How to Configure Network Security with ACLs
Creating Named MAC Extended ACLs

Command / Purpose

1. configure terminal
   Enters global configuration mode.

2. mac access-list extended name
   Defines an extended MAC access list using a name.

3. {deny | permit} {any | host source MAC address | source MAC address mask} {any | host destination MAC address | destination MAC address mask} [type mask | lsap lsap mask | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp | 0-65535] [cos cos]
   In extended MAC access-list configuration mode, specifies to permit or deny any source MAC address, a source MAC address with a mask, or a specific host source MAC address, and any destination MAC address, a destination MAC address with a mask, or a specific host destination MAC address.
   (Optional) You can also enter these options:
   type mask: Specifies an arbitrary EtherType number of a packet with Ethernet II or SNAP encapsulation in decimal, hexadecimal, or octal, with an optional mask of don't-care bits applied to the EtherType before testing for a match.
   lsap lsap mask: Specifies an LSAP number of a packet with IEEE 802.2 encapsulation in decimal, hexadecimal, or octal, with an optional mask of don't-care bits.
   aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp: Specifies a non-IP protocol.
   cos cos: Specifies an IEEE 802.1Q class of service number from 0 to 7, used to set priority.

4. end
   Returns to privileged EXEC mode.

Applying a MAC ACL to a Layer 2 Interface

Command / Purpose

1. configure terminal
   Enters global configuration mode.

2. interface interface-id
   Identifies a specific interface, and enters interface configuration mode. The interface must be a physical Layer 2 interface (port ACL).

3. mac access-group {name} {in}
   Controls access to the specified interface by using the MAC access list.
   Port ACLs are supported only in the inbound direction.

4. end
   Returns to privileged EXEC mode.
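The two procedures above, carried through as one configuration excerpt. This is an added example, not text from the configuration guide: the ACL name LEGACY-FILTER, the MAC addresses, the VLAN number and the interface are all constructed. It uses the three source/destination forms from step 3 (host, address with mask, any), named non-IP protocols, a numeric EtherType and an LSAP with masks, and then applies the list inbound on a Layer 2 port.

```cisco
! Added example (not from the configuration guide). Names, addresses and
! interface are constructed; adapt them to your own switch.
mac access-list extended LEGACY-FILTER
 ! Exact host match: frames from this one management station are always allowed,
 ! so it must come before any deny that could also match it.
 permit host 0000.0c12.3456 any
 ! Address with mask. The mask is a wildcard: set bits are don't-care, the same
 ! convention the guide gives for the EtherType mask. This matches every source
 ! in the 0000.0c OUI and drops its NetBIOS frames.
 deny   0000.0c00.0000 0000.00ff.ffff any netbios
 ! Named non-IP protocols, any source to any destination.
 deny   any any decnet-iv
 deny   any any lat
 ! Numeric EtherType with a mask: 0x8137 is IPX over Ethernet II; a mask of
 ! 0x0000 means every bit must match.
 deny   any any 0x8137 0x0000
 ! IPX over IEEE 802.2: LSAP 0xE0 with no don't-care bits.
 deny   any any lsap 0xE0 0x0
 ! Explicit final permit. Without it, the implicit deny at the end of the list
 ! drops every frame the MAC ACL evaluates that no earlier entry matched.
 permit any any
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Port ACLs are inbound only, so "in" is the only direction accepted here.
 mac access-group LEGACY-FILTER in
```

Entries are evaluated top to bottom and the first match wins, which is why the host permit sits above the OUI deny. After applying the list, show access-lists LEGACY-FILTER displays the entries as the switch parsed them, which is the quickest way to catch a mis-typed mask. On many Catalyst platforms a MAC port ACL is evaluated only against non-IP frames, with IP traffic left to IP ACLs; confirm this for your platform before relying on a MAC ACL to block anything carried over IP.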