Cisco Catalyst 2950 Software Configuration Manual page 478
Hide thumbs
Also See for Catalyst 2950:
- Configuration manual (710 pages) ,
- Command reference manual (686 pages) ,
- Software configuration manual (674 pages)
Table of Contents
Advertisement
Configuring QoS
This example shows how to create an ACL that permits only TCP traffic from the destination IP address
128.88.1.2 with TCP port number 25:
Switch(config)# access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq
25
Beginning in privileged EXEC mode, follow these steps to create a Layer 2 MAC ACL for Layer 2
traffic:
Command
Step 1
configure terminal
Step 2
mac access-list extended name
Step 3
{deny | permit} {any | host source MAC
address} {any | host destination MAC
address} [ aarp | amber | appletalk |
dec-spanning | decnet-iv | diagnostic | dsm |
etype-6000 | etype-8042 | lat | lavc-sca |
mop-console | mop-dump | msdos | mumps
| netbios | vines-echo |vines-ip | xns-idp]
Step 4
end
Step 5
show access-lists [number | name]
Step 6
copy running-config startup-config
To delete an ACL, use the no mac access-list extended access-list-name global configuration command.
This example shows how to create a Layer 2 MAC ACL with a permit statement. The statement allows
traffic from the host with MAC address 0001.0000.0001 to the host with MAC address 0002.0000.0001.
Switch(config)# mac access-list extended maclist1
Switch(config-ext-macl)# permit host 0001.0000.0001 host 0002.0000.0001
Catalyst 2950 Desktop Switch Software Configuration Guide
24-16
Purpose
Enter global configuration mode.
Create a Layer 2 MAC ACL by specifying the name of the list.
After entering this command, the mode changes to extended MAC
ACL configuration.
Enter deny or permit to specify whether to deny or permit access if
conditions are matched.
For source MAC address, enter the MAC address of the host from
which the packet is being sent. You specify this by using the any
keyword to deny any source MAC address or by using the host
keyword and the source in the hexadecimal format (H.H.H).
For destination MAC address, enter the MAC address of the host to
which the packet is being sent. You specify this by using the any
keyword to deny any destination MAC address or by using the host
keyword and the destination in the hexadecimal format (H.H.H).
(Optional) You can also enter these options:
aarp | amber | appletalk | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca |
mop-console | mop-dump | msdos | mumps | netbios |
vines-echo |vines-ip | xns-idp (a non-IP protocol).
Note
Deny statements are not supported for QoS ACLS. See the
"Classification Based on QoS ACLs" section on page 24-5
for more details.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Chapter 24
Configuring QoS
78-11380-04
Advertisement
Table of Contents
Troubleshooting
