Chapter 1
Configuring Security Access Control Lists
ACL Configuration Examples
Examples of EtherType ACLs
This section provides examples of EtherType ACLs. For details about configuring an EtherType ACL, see the "Configuring an EtherType ACL" section.
The following example shows an ACL that allows common EtherTypes to
originate on the inside interface:
host1/Admin(config)# access-list ETHER ethertype permit ipv6
host1/Admin(config)# access-list ETHER ethertype permit bpdu
host1/Admin(config)# access-list ETHER ethertype permit mpls
host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# access-group output ethertype ETHER
The following example shows an ACL that allows some EtherTypes through the
ACE but denies IPv6:
host1/Admin(config)# access-list ETHER ethertype deny ipv6
host1/Admin(config)# access-list ETHER ethertype permit bpdu
host1/Admin(config)# access-list ETHER ethertype permit mpls
host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# access-group input ethertype ETHER
The following example shows an ACL that denies traffic with an EtherType
BPDU but allows all others on both interfaces:
host1/Admin(config)# access-list nonIP ethertype deny bpdu
host1/Admin(config)# access-list nonIP ethertype permit any
host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# access-group input ethertype nonIP
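Added example (not from the Cisco guide): a short Python evaluator that parses the three ACLs above and reports the verdict each one gives for IPv6, BPDU, MPLS and any other EtherType, and flags entries that an earlier entry already covers. It assumes first-match evaluation with an implicit deny at the end of the list; the function names and the MISORDERED list are constructed for illustration.

```python
import re

# Matches the EtherType ACL entries used on this page; the CLI prompt is ignored.
ENTRY = re.compile(r"access-list\s+(\S+)\s+ethertype\s+(permit|deny)\s+(any|bpdu|ipv6|mpls)\s*$")
FRAME_TYPES = ("ipv6", "bpdu", "mpls", "other")  # "other" = any EtherType not named

def parse_acl(config):
    """Return the (action, ethertype) entries of a config snippet, in order."""
    entries = []
    for line in config.splitlines():
        m = ENTRY.search(line)
        if m:
            entries.append((m.group(2), m.group(3)))
    return entries

def decide(entries, frame_type):
    """First matching entry wins; ASSUMPTION: unmatched frames hit an implicit deny."""
    for action, etype in entries:
        if etype in ("any", frame_type):
            return action
    return "implicit deny"

def shadowed(entries):
    """Entries that can never match because an earlier entry already covers them."""
    seen, dead = set(), []
    for action, etype in entries:
        if "any" in seen or etype in seen:
            dead.append((action, etype))
        seen.add(etype)
    return dead

# The three ACLs from the examples above, copied with their prompts.
PERMIT_COMMON = """host1/Admin(config)# access-list ETHER ethertype permit ipv6
host1/Admin(config)# access-list ETHER ethertype permit bpdu
host1/Admin(config)# access-list ETHER ethertype permit mpls"""
DENY_IPV6 = """host1/Admin(config)# access-list ETHER ethertype deny ipv6
host1/Admin(config)# access-list ETHER ethertype permit bpdu
host1/Admin(config)# access-list ETHER ethertype permit mpls"""
DENY_BPDU = """host1/Admin(config)# access-list nonIP ethertype deny bpdu
host1/Admin(config)# access-list nonIP ethertype permit any"""
# Constructed (not from the page): the nonIP entries in the wrong order.
MISORDERED = """access-list nonIP ethertype permit any
access-list nonIP ethertype deny bpdu"""

if __name__ == "__main__":
    for label, cfg in [("permit common", PERMIT_COMMON), ("deny ipv6", DENY_IPV6),
                       ("deny bpdu", DENY_BPDU), ("misordered", MISORDERED)]:
        acl = parse_acl(cfg)
        print(label, {f: decide(acl, f) for f in FRAME_TYPES}, "shadowed:", shadowed(acl))
```

With the entries reversed as in MISORDERED, the permit any entry matches BPDU frames first, so the deny bpdu entry is reported as shadowed and never takes effect.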
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01