Router(config)#access-list ? IP standard access list IP extended access list IPX SAP access list Extended 48-bit MAC address access list IPX summary address access list IP standard access list (expanded range) Protocol type-code access list IP extended access list (expanded range) DECnet access list XNS standard access list XNS extended access list Appletalk access list 48-bit MAC address access list IPX standard access list IPX extended access list dynamic-extended Extend the dynamic ACL abolute timer rate-limit Simple rate-limit specific access list Router(config)#access-list 700 deny 1234.1234.1234 0000.0000.00ff Router(config)#access-list 700 permit 0000.0000.0000 ffff.ffff.ffff Router(config)#int fa0/0 Router(config-if)#access-expression input smac(700)
Therefor the deny mac is obviously denying that first mac and then we're permitting everything else Keep in mind that MAc's are in hexadecimel and therefor the inverse mask (ACL remember) is ffff.ffff.ffff which is kind of like going 255.255.255.255 (any) for an ip access-list. Don't fret about the "access-expression". That's the only way to apply certain ACL's using Boolean algebraic expression. smac(700) being source-mac of using address 700. You can also use dmac(700) being the destination. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63486&t=63463 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]