24 permit | deny(mac-ip extended), Permit, Deny – PLANET XGS3-24040 User Manual

Commands for Security Function Chapter 2 Commands for 802.1x

41-17

Notice: mask bit is consecutive means the effective bit must be consecutively effective from the first bit

on the left, no ineffective bit can be added through. For example: the reverse mask format of one byte is:

00001111b; mask format is 11110000; and this is not permitted: 00010011.

Command Mode: Name extended MAC access-list configuration mode

Default configuration: No access-list configured.

Example: The forward source MAC address is not permitted as 00-12-11-23-XX-XX of 802.3 data

packet.

Switch(config)# mac-access-list extended macExt

Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00

00-00-00-00-ff-ff

any-destination-mac untagged-802-3

Switch(Config-Mac-Ext-Nacl-macExt)# deny 00-12-11-23-00-00 00-00-00-00-ff-ff

any tagged-802

41.24 permit | deny(mac-ip extended)

Command:

[no] {deny|permit}

{any-source-mac|{host-source-mac}|{}}

{any-destination-mac|{host-destination-mac}|{}}

icmp{{}|any-source|{host-source}}

{{}|any-destination|{host-destination }}

[

[]] [precedence ] [tos

][time-range]

[no]{deny|permit}

{any-source-mac|{host-source-mac}|{}}

{any-destination-mac|{host-destination-mac}|{}}

igmp{{}|any-source| {host-source}}

{{}|any-destination|{host-destination }}

[] [precedence ] [tos ][time-range]

[no]{deny|permit}{any-source-mac|{host-source-mac

}| {

}}{any-destination-mac|{host-destination-mac

}|{

}}tcp{{

}|any-source| {host-source

}}[s-port { | range }] {{

} | any-destination| {host-destination }} [d-port

{ | range }] [ack ＋ fin ＋ psh ＋ rst ＋ urg ＋ syn] [precedence

] [tos ][time-range ]