5 access-list(mac extended), Access, List – PLANET XGS3-24040 User Manual
Page 733: Mac extended
Commands for Security Function Chapter 2 Commands for 802.1x
41-5
notation.
Command Mode: Global mode
Default: No access-lists configured.
Usage Guide: When the user assign specific
created, then the lists are added into this ACL.
Examples: Create a numeric standard IP access-list whose serial No. is 20, and permit date packets with
source address of 10.1.1.0/24 to pass, and deny other packets with source address of 10.1.1.0/16.
Switch(config)#access-list 20 permit 10.1.1.0 0.0.0.255
Switch(config)#access-list 20 deny 10.1.1.0 0.0.255.255
41.5 access-list(mac extended)
Command: access-list
| {
no access-list
Functions: Define a extended numeric MAC ACL rule, “no access-list
extended numeric MAC access-list rule.
Parameters:
access; permit if rules are matching, permit access;
address;
untagged ethernet II packet; tagged-eth2 format of tagged ethernet II packet; untagged-802-3 format
of untagged ethernet 802.3 packet; tagged-802-3 format of tagged ethernet 802.3 packet. Offset(x) the
offset from the packet head, the range is (12-79), the windows must start from the back of source MAC,
and the windows cannot superpose each other, and that is to say: Offset(x+1) must be longer than
Offset(x)+len(x); Length(x) length is 1-4 , and Offset(x)+Length(x) should not be longer than 80
(currently should not be longer than 64); Value(x) hex expression, Value range: when Length(x)
=1, it is 0-ff , when Length(x) =2, it is 0-ffff , when Length(x) =3, it is0-ffffff, when Length(x) =4, it is
0-ffffffff ;
For Offset(x), different types of data frames are with different value ranges:
for untagged-eth2 type frame: <12~52>
for untagged-802.2 type frame: <12~60>
for untagged-eth2 type frame: <12~56>
for untagged-eth2 type frame: <12~64>
Command Mode: Global mode
Default Configuration: No access-list configured
Usage Guide: When the user assign specific
created, then the lists are added into this ACL.