Configuration Guide Configuring ACL
acl-id: Indicates that a numbered MAC extended IP ACL will be applied to the interface.
acl-name: Indicates that a named MAC extended IP ACL will be applied to the interface.
in: Indicates that this ACL controls incoming L2 packets of the interface.
out: Indicates that this ACL controls outgoing L2 packets of the interface.
Interface configuration mode
This command makes a MAC extended ACL take effect on the incoming or outgoing packets of a specified
interface.
Configuration Example
The following configuration example describes only ACL-related configurations.
• Configuring a MAC Extended ACL to Restrict Resources Accessible by Visitors
• Configure a MAC extended ACL.
• Add ACEs to the MAC extended ACL.
• Apply the MAC extended ACL to the outgoing direction of the interface connected to the visitor area so
that visitors are allowed to access the Internet and the public server of the company, but prohibited from
accessing the financial data server of the company. That is, visitors cannot access the server with the
MAC address 00e0.f800.000d.
sw1(config)#mac access-list extended 700
sw1(config-mac-nacl)#deny any host 00e0.f800.000d
sw1(config-mac-nacl)#permit any any
sw1(config-mac-nacl)#exit
sw1(config)#int gigabitEthernet 0/2
sw1(config-if-GigabitEthernet 0/2)#mac access-group 700 in
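
The following Python sketch is an added example, not part of the original guide or the switch software. It evaluates the two ACEs of ACL 700 against frames arriving on the visitor interface and flags ACEs that can never match because of their order. The function names and the visitor MAC address are constructed for illustration, and the fall-through deny for unmatched frames is an assumption about the device.

```python
import re

def norm_mac(text):
    """Normalize 00e0.f800.000d, 00:e0:f8:00:00:0d or 00-E0-F8-00-00-0D to 12 hex digits."""
    digits = re.sub(r"[.:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def parse_ace(line):
    """Parse '<permit|deny> <any|host MAC> <any|host MAC>' into (action, src, dst)."""
    tokens = iter(line.split())
    try:
        action = next(tokens)
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r} in ACE: {line!r}")
        fields = []
        for _ in range(2):                      # source first, then destination
            kind = next(tokens)
            if kind == "any":
                fields.append(None)             # None stands for the wildcard 'any'
            elif kind == "host":
                fields.append(norm_mac(next(tokens)))
            else:
                raise ValueError(f"expected 'any' or 'host', got {kind!r}")
    except StopIteration:
        raise ValueError(f"incomplete ACE: {line!r}") from None
    if next(tokens, None) is not None:          # ethertype/cos fields are not modelled here
        raise ValueError(f"unsupported trailing fields in ACE: {line!r}")
    return action, fields[0], fields[1]

def evaluate(aces, src, dst):
    """The first matching ACE decides; no match is treated as deny (assumed implicit deny)."""
    src, dst = norm_mac(src), norm_mac(dst)
    for action, ace_src, ace_dst in aces:
        if ace_src in (None, src) and ace_dst in (None, dst):
            return action
    return "deny"

def shadowed(aces):
    """Return indexes of ACEs fully covered by an earlier ACE, so they never match."""
    def covers(a, b):
        return a is None or a == b
    return [j for j, (_, s, d) in enumerate(aces)
            if any(covers(ps, s) and covers(pd, d) for _, ps, pd in aces[:j])]

# The two ACEs of ACL 700 from the configuration above.
ACL_700 = [parse_ace(l) for l in ("deny any host 00e0.f800.000d", "permit any any")]
VISITOR = "0011.2233.4455"                       # constructed sample source MAC
```

Reversing the two ACEs makes `shadowed` report the deny entry, which is why the deny ACE must precede `permit any any`.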