It makes sense. I noticed that Cisco isn't very picky about the way you
type out the ethertype.
It took the following:
Cat1(config)#mac access-list extended test2
Cat1(config-ext-macl)#permit any any 0x806 ?
Cat1(config-ext-macl)#permit any any 0x806 0x0
Cat1(config-ext-macl)#permit any any 0x806 0
Cat1(config-ext-macl)#permit any any 0x0800 0x0
Cat1(config-ext-macl)#permit any any 0x0800 0
Cat1(config-ext-macl)#permit any any 0x800
And converted them all to:
mac access-list extended test2
permit any any 0x806 0x0
permit any any 0x800 0x0
And finally you can actually use the decimal version of the ethertype
and the IOS will convert it to hex.
Cat1(config)#mac access-list extended test3
Cat1(config-ext-macl)#permit any any 2048 0
Cat1(config-ext-macl)#end
mac access-list extended test3
permit any any 0x800 0x0
Thanks for the explanation Scott,
Justin Guagliata
Atos Origin
From: Scott Morris [mailto:smorris_at_ine.com]
Sent: Friday, August 07, 2009 4:52 PM
To: Guagliata, Justin
Cc: ccielab_at_groupstudy.com
Subject: Re: MAC ACL
It's a wildcard mask, just in hex.
0x0000 (reduced to 0x0) will be exact/only match.
0x0006 will match 0x0800, 0x0802, 0x0804, 0x0806 respectively (break
into binary!)
HTH,
Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE-M #153, JNCIS-ER, CISSP, et al.
JNCI-M, JNCI-ER
evil_at_ine.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
Guagliata, Justin wrote:
I'm a little confused about the mac acl and blocking a specific
ethertype value. I thought I could specify just an ethertype, but it
appears that I need to specify a mask as well.
Cat1(config)#mac access-list extended MAC-ACL
Cat1(config-ext-macl)#permit any any 0x0800
% Incomplete command.
Cat1(config-ext-macl)#permit any any 0x8000 ?
<0-65535> EtherType mask in decimal, hex, or octal
Thanks,
Justin Guagliata
Atos Origin
Received on Fri Aug 07 2009 - 17:08:18 ART
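The wildcard-mask behaviour discussed in this thread, as an added example that is not part of any of the messages: it expands an EtherType/mask pair into the set of values it admits and renders typed input in the hex form the thread shows in the running config. The function names are hypothetical, and the parser assumes decimal or 0x-prefixed hex input only (octal is not handled).

```python
# Added example (not from the thread): EtherType wildcard-mask matching.
ETHERTYPE_MAX = 0xFFFF  # the field is 16 bits, matching the <0-65535> help text


def parse_field(text):
    """Parse decimal or 0x-prefixed hex; octal input is not handled here."""
    value = int(text, 0)
    if not 0 <= value <= ETHERTYPE_MAX:
        raise ValueError("out of range 0-65535: %r" % text)
    return value


def matches(ethertype, value, mask):
    """Mask bits set to 1 are don't-care; every other bit must equal value."""
    care = ~mask & ETHERTYPE_MAX
    return (ethertype & care) == (value & care)


def expand(value, mask):
    """Return every EtherType an entry admits: 2**popcount(mask) values."""
    base = value & ~mask & ETHERTYPE_MAX
    admitted, sub = [], mask
    while True:  # walk all subsets of the don't-care bits
        admitted.append(base | sub)
        if sub == 0:
            break
        sub = (sub - 1) & mask
    return sorted(admitted)


def normalize(value_text, mask_text):
    """Render an entry in the hex form the running config shows in the thread."""
    return "permit any any 0x%X 0x%X" % (parse_field(value_text), parse_field(mask_text))


if __name__ == "__main__":
    # Constructed inputs: the forms typed in the thread, plus the 0x0006 mask.
    for typed in (("0x0800", "0"), ("2048", "0"), ("0x806", "0x0")):
        print(normalize(*typed))
    print([hex(e) for e in expand(0x0800, 0x0006)])
    # Audit check: does an entry written for 0x0800 with mask 0x0006 admit 0x0806?
    print(matches(0x0806, 0x0800, 0x0006))
```

An entry for 0x800 with mask 0x6 also passes 0x806 (ARP), so expanding each entry before applying a MAC ACL shows what it really admits.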