3Com 3CRUS2475 Plumbing Product User Manual


 
deny (MAC) 49
User Guidelines
Before an Access Control Element (ACE) is added to an ACL, all packets
are permitted. After an ACE is added, an implied deny-any-any
condition exists at the end of the list and those packets that do not match
the conditions defined in the permit statement are denied.
If the VLAN ID is specified, the policy map cannot be connected to the
VLAN interface.
Example
The following example shows how to create a MAC ACL with permit
rules.
deny (MAC) The deny MAC-Access List Configuration mode command denies traffic
if the conditions defined in the deny statement match.
Syntax
deny [disable-port] {any | {source source-wildcard} {any | {destination
destination- wildcard}}[vlan vlan-id] [cos cos cos-wildcard] [ethtype
eth-type]
Parameters
disable-port — Indicates that the port is disabled if the statement is
deny.
source — Specifies the MAC address of the host from which the
packet was sent.
source-wildcard — (Optional for the first type) Specifies wildcard bits
by placing 1s in bit positions to be ignored.
destination — Specifies the MAC address of the host to which the
packet is being sent.
destination-wildcard — (Optional for the first type) Specifies wildcard
bits by placing 1s in bit positions to be ignored.
vlan-id — Specifies the ID of the packet vlan.
cos — Specifies the packets’s Class of Service (CoS).
Console(config)#
mac access-list
macl-acl1
Console(config-mac-al)#
permit 6:6:6:6:6:6 0:0:0:0:0:0 any
vlan 6