Chapter2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mac access-list extended
To define extended MAC access lists, use the mac access-list extended command. To remove MAC
access lists, use the no form of this command.
Syntax Description
name
Defaults
MAC access lists are not defined.
Command Modes
Global configuration
Command History
Release
12.1(12c)EW
Usage Guidelines
When you enter the ACL name, follow these naming conventions:
•
•
•
•
•
When you enter the mac access-list extended name command, you use the [no] {permit | deny}
{{src-mac mask | any} [dest-mac mask]} [protocol-family {appletalk | arp-non-ipv4 | decnet | ipx |
ipv6 | rarp-ipv4 | rarp-non-ipv4 | vines | xns}] subset to create or delete entries in a MAC layer access
list.
Table2-7
Table2-7
Subcommand
deny
no
permit
src-mac mask
any
78-16201-01
mac access-list extended name
no mac access-list extended name
ACL to which the entry belongs.
Modification
Support for this command was introduced on the Catalyst 4500 series switch.
Maximum of 31 characters long and can include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
Must start with an alpha character and must be unique across all ACLs of all types
Case sensitive
Cannot be a number
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
describes the syntax of the mac access-list extended subcommands.
mac access-list extended Subcommands
Description
Prevents access if the conditions are matched.
(Optional) Deletes a statement from an access list.
Allows access if the conditions are matched.
Source MAC address in the form:
source-mac-address source-mac-address-mask.
Specifies any protocol type.
Catalyst4500 Series SwitchCiscoIOS Command Reference—Release 12.2(18)EW
mac access-list extended
2-163