mac access-list filter
Use this command to define an access control entry (ACE) in a MAC access control list (ACL) that determines whether to permit or deny packets with the given source and destination MAC, ethertype, CoS, and VLAN identifiers.
Use the no form of this command to remove an ACL specification. ACL specification can be removed using the sequence number as well.
Note:	Configuring same filter again with change of sequence number or change of action will result in update of sequence number or filter action.
Command Syntax
(<1-268435453>|)(deny|permit) (any | (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) | host (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)) (any | (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) | host (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)) (aarp|appletalk|decnet- iv|diagnostic|etype-6000|etype-8042 |ip4|ip6|mpls|lat|lavc-sca|mop-console|mop- dump|vines-echo|WORD|) (cos <0-7>|)(vlan <1-4094>|) (inner-vlan <1-4094>|) (log|) (sample|)
no (<1-268435453>|)(deny|permit) (any | (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) | host (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)) (any | (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX) | host (XX-XX-XX-XX-XX- XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)) (aarp|appletalk|decnet- iv|diagnostic|etype-6000|etype-8042 |ip4|ip6|mpls|lat|lavc-sca|mop-console|mop- dump|vines-echo|WORD|) (cos <0-7>|)(vlan <1-4094>|) (inner-vlan <1-4094>|) (log|) (sample|)
no (<1-268435453>)
Parameters
deny
Drop the packet.
permit
Accept the packet.
<1-268435453>
IPv4 ACL sequence number.
any
Source/Destination any.
XX-XX-XX-XX-XX-XX
 
Source/Destination MAC address (Option 1).
XX:XX:XX:XX:XX:XX
 
Source/Destination MAC address (Option 2). 
XXXX.XXXX.XXXX
 
Source/Destination MAC address (Option 3). 
XX-XX-XX-XX-XX-XX
 
Source/Destination wildcard (Option1).
XX:XX:XX:XX:XX:XX
 
Source/Destination wildcard (Option2). 
XXXX.XXXX.XXXX
 
Source/Destination wildcard (Option3). 
host
A single source/destination host.
aarp
Ethertype - 0x80f3. 
appletalk
Ethertype - 0x809b. 
decnet-iv
Ethertype - 0x6003. 
diagnostic
Ethertype - 0x6005. 
etype-6000
Ethertype - 0x6000. 
etype-8042
Ethertype - 0x8042. 
ip4
Ethertype - 0x0800. 
ip6
Ethertype - 0x86dd. 
mpls
Ethertype - 0x8847. 
lat
Ethertype - 0x6004. 
lavc-sca
Ethertype - 0x6007. 
mop-console
Ethertype - 0x6002. 
mop-dump
Ethertype - 0x6001. 
vines-echo
Ethertype - 0x0baf. 
WORD
Any Ethertype value. 
cos <0-7>
Cos value.
vlan <1-4094>
VLAN identifier.
inner-vlan <1-4094>
 
Inner-VLAN identifier.
log
Log the packets matching the filter (in-direction only).
sample
Sample the packets matching the filter (in-direction only).
Command Mode
MAC access-list mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#mac access-list mac-acl-01
(config-mac-acl)#permit 0000.1234.1234 0000.0000.0000 any sample
Last modified date: 07-14-2023