Filter
Top Products
DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
1-13
DES-7200(config)# mac access-list extended mac-list
DES-7200(config-mac-nacl)# deny host 0013.2049.8272 any ipx
DES-7200(config-mac-nacl)# permit any any
DES-7200(config-mac-nacl)# exit
DES-7200(config)# interface gigabitEthernet 0/1
DES-7200(config-if)# mac access-group mac-list in
DES-7200(config-if)# end
DES-7200# show access-lists
mac access-list extended mac-list
deny host 0013.2049.8272 any ipx
permit any any
DES-7200#
Note
For access lists, ”permit any any” cannot be discarded, for the
ending part of an access list implicates a “deny any” rule sentence.
1.4 Configuring Expert
Extended Access List
To configure expert extended access lists on a device, you must specify unique names
or numbers for the access lists of a protocol to uniquely identifying each access list
inside the protocol.The table below lists the number range of the Expert access list.
Protocol Number Range
Expert extended access list 2700-2899
1.4.1 Configuration Guide of
Expert Extended Access List
When you create an expert extended access list, defined rules will be applied to all
packet messages on a switch. The switch decides whether to forward or block a packet
messages by judging whether the packet matches a rule.
The typical rules defined in expert access lists are the following:
All information in basic access lists and MAC extended access lists
VLAN ID
Expert extended access lists (2700 – 2899) are the syntheses of basic access lists and
MAC extended access lists and can filter VLAN IDs.
A single expert access list can use multiple separate access list sentences to define
multiple rules. Where, all sentences use a same number or name to bind these
sentences to a same access list.