6 access-list(mac-ip extended) – Accton Technology ES4626 User Manual
Page 758
758
is the access-list No. which is a decimal’s No. from 1100-1199; deny if rules are
matching, deny access; permit if rules are matching, permit access;
any source address;
source MAC address;
address;
(reverse mask) of destination MAC address; untagged-eth2 format of untagged ethernet
II packet; tagged-eth2 format of tagged ethernet II packet; untagged-802-3 format of
untagged ethernet 802.3 packet; tagged-802-3 format of tagged ethernet 802.3 packet;
Offset(x)
the offset from the packet head, the range is (12-79), the windows must start
from the back of source MAC, and the windows cannot superpose each other, and that is
to say: Offset(x+1) must be longer than Offset(x)+len(x); Length(x) length is 1-4 ,
and Offset(x)+Length(x) must be no longer than 80(currently must be no longer
64); Value(x) hex expression, Value range
: when Length(x) =1, it is 0-ff , when
Length(x)
=2, it is 0-ffff , when Length(x) =3, it is0-ffffff, when Length(x) =4, it is 0-ffffffff ;
For Offset(x), different types of data frames are with different value ranges:
for untagged-eth2 type frame: <12~52>
for untagged-802.2 type frame: <12~60>
for untagged-eth2 type frame: <12~56>
for untagged-eth2 type frame: <12~64>
Command Mode:
Global mode
Default Configuration :
No access-list configured
Usage Guide
: When the user assign specific <num> for the first time, ACL of the serial
number is created, then the lists are added into this ACL.
Examples:
Permit tagged-eth2 with any source MAC addresses and any destination
MAC addresses and the packets whose 15
th
and 16
th
byte is 0x08 , 0x0 to pass, and
Switch(Config)#access-list 1100 permit any-source-mac any-destination-mac tagged-eth2
14 2 0800
18.2.2.6 access-list(mac-ip extended)
Command:
access-list
{host-source-mac
{any-destination-mac|{host-destination-mac
{{
{{
{host-destination