PLANET XGS3-24042 User Manual
Page 957
47-23
[no]{deny|permit}{any-source-mac|{host-source-mac
[no]{deny|permit} {any-source-mac|{host-source-mac
[
[no]{deny|permit}{any-source-mac|{host-source-mac
[
Functions:
Define an extended name MAC ACL rule, and no command deletes this extended name IP access
rule.
Parameters:
any-source-mac: any source of MAC address; any-destination-mac: any destination of MAC
address; host_smac, smac: source MAC address; smac-mask: mask (reverse mask) of source
MAC address; host_dmac, dmas destination MAC address; dmac-mask mask (reverse mask) of
destination MAC address; untagged-eth2 format of untagged ethernet II packet; tagged-eth2
format of tagged ethernet II packet; untagged-802-3 format of untagged ethernet 802.3 packet;
tagged-802-3 format of tagged ethernet 802.3 packet; cos-val: cos value, 0-7; cos-bitmask: cos
mask, 0-7reverse mask and mask bit is consecutive; vid-value: VLAN No, 1-4094; vid-bitmask:
VLAN mask, 0-4095, reverse mask and mask bit is consecutive; protocol: specific Ethernet
protocol No., 1536-65535; protocol-bitmask: protocol mask, 0-65535, reverse mask and mask bit
is consecutive.
Notice:
mask bit is consecutive means the effective bit must be consecutively effective from the first bit on
the left, no ineffective bit can be added through. For example: the reverse mask format of one byte
is: 00001111b; mask format is 11110000; and this is not permitted: 00010011.
Command Mode:
Name extended MAC access-list configuration mode
Default configuration:
No access-list configured.
Example:
The forward source MAC address is not permitted as 00-12-11-23-XX-XX of 802.3 data packet.
Switch(config)# mac-access-list extended macExt
Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff