DES-7200 Configuration Guide Chapter 1 Access Control List Configuration
1.3.1 Configuration Guide of Extended MAC Address-based Access Control List
When you create an expert access list, the defined rules are applied to all packets
on a switch. The switch decides whether to forward or block a packet
by judging whether the packet matches a rule.
The typical rules defined in MAC access lists are the following:
Source MAC address
Destination MAC address
Ethernet protocol type
Time-range
The MAC extended access list (number 700 – 799) forwards or blocks the packets
based on the source and destination MAC addresses, and can also match the Ethernet
protocol type.
A single MAC access list can use multiple separate access list statements to define
multiple rules. All statements use the same number or name, which binds them
to the same access list.
1.3.2 Configuring Extended MAC Address-based Access Control List
The configuration of a MAC access list includes the following steps:
1. Define a MAC access list
2. Apply the access list to a specific interface
There are two methods to configure a MAC access list.
Method 1: Run the following command in the global configuration mode:
Command: DES-7200(config)# access-list id {deny | permit} {any | host src-mac-addr} {any | host dst-mac-addr} [ethernet-type] [cos cos]
Function: Define an access list. For details about commands, please see command reference.

Command: DES-7200(config)# interface interface
Function: Select the interface to which the access list is to be applied.

Command: DES-7200(config-if)# mac access-group id { in | out }
Function: Apply the access list to the specific interface
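The two configuration steps above (define, then apply) can be checked offline against a saved configuration. The following audit script is an added example, not part of the DES-7200 guide. It assumes a dotted-triple MAC address format, and the sample configuration, addresses and interface name are constructed.

```python
import re

# Dotted-triple MAC form is an assumption; the page does not show the format.
MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"
END = rf"(?:any|host\s+{MAC})"
# Syntax from the page: access-list id {deny|permit} src dst [ethernet-type] [cos cos]
RULE = re.compile(rf"^access-list\s+(\d+)\s+(deny|permit)\s+({END})\s+({END})(?:\s+\S+)*$")
APPLY = re.compile(r"^mac access-group\s+(\d+)\s+(in|out)$")

# Constructed sample configuration (addresses and interface name are made up).
SAMPLE = """\
DES-7200(config)# access-list 700 deny host 00d0.f800.0001 any
DES-7200(config)# access-list 700 permit any any
DES-7200(config)# access-list 701 permit host 00d0.f800.00zz any
DES-7200(config)# access-list 702 deny any any
DES-7200(config)# interface gigabitEthernet 1/1
DES-7200(config-if)# mac access-group 700 in
DES-7200(config-if)# mac access-group 705 out
"""

def audit(config_text):
    """Check both steps from the page: lists are defined, then applied."""
    rules, applied, findings, interface = {}, [], [], None
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[-1].strip()  # drop the CLI prompt, if present
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif line.startswith("access-list "):
            acl_id = line.split()[1]
            if not (acl_id.isdigit() and 700 <= int(acl_id) <= 799):
                continue  # not a MAC extended list (700-799); out of scope
            m = RULE.match(line)
            if m:
                rules.setdefault(int(acl_id), []).append(m.groups()[1:])
            else:
                findings.append(f"line {n}: malformed MAC access-list rule")
        elif (m := APPLY.match(line)):
            applied.append((n, interface, int(m[1])))
    for n, interface, acl_id in applied:
        if acl_id not in rules:
            findings.append(f"line {n}: {interface} applies undefined list {acl_id}")
    for acl_id in sorted(set(rules) - {a[2] for a in applied}):
        findings.append(f"list {acl_id} is defined but not applied to any interface")
    return rules, findings

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```

On the constructed sample it reports the malformed rule for list 701, the interface that applies the undefined list 705, and list 702, which is defined but never applied.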