Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide

Configuring ACLs
To configure an EtherType ACL, use the access-list ethertype command in configuration mode. The syntax of this command is as follows:

    access-list name ethertype {deny | permit} {any | bpdu | ipv6 | mpls}

The keywords and arguments are as follows:

• name—Unique identifier of the ACL. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
• ethertype—Name that specifies a subprotocol. Valid values are as follows:
  – deny—Blocks connections on the assigned interface
  – permit—Allows connections on the assigned interface
  – any—Specifies any EtherType
  – bpdu—Specifies a bridge protocol data unit
    Note: The ACE does not forward minimum spanning tree (MST) BPDUs.
  – ipv6—Specifies Internet Protocol version 6
  – mpls—Specifies Multiprotocol Label Switching
    Note: When you specify the mpls keyword in an EtherType ACL, the ACE denies or permits both MPLS-unicast and MPLS-multicast traffic.

For example, to configure an EtherType ACL for MPLS, enter:

    host1/Admin(config)# access-list INBOUND ethertype permit mpls

To remove an entry from an EtherType ACL, enter:

    host1/Admin(config)# no access-list INBOUND ethertype permit mpls
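The following is an added example, not code from the Cisco guide or the ACE appliance: a small Python model that validates access-list ethertype lines against the syntax above (name length and character rules, permitted keywords, the no form for removal) and evaluates a constructed frame's EtherType against the resulting ordered ACL. The IANA EtherType values behind each keyword, the sentinel used for BPDUs, and the implicit deny when no entry matches are assumptions, not statements from this page.

```python
# Syntax from the page: access-list name ethertype {deny | permit} {any | bpdu | ipv6 | mpls}
ACTIONS = {"deny", "permit"}
# Assumed (not on the page): the IANA EtherType values behind each keyword. Per the
# guide's Note, mpls covers both MPLS-unicast (0x8847) and MPLS-multicast (0x8848).
# BPDUs carry no EtherType (802.3/LLC framing), so a constructed sentinel stands in.
BPDU = "bpdu"
KEYWORD_MATCH = {
    "any":  lambda et: True,
    "bpdu": lambda et: et == BPDU,
    "ipv6": lambda et: et == 0x86DD,
    "mpls": lambda et: et in (0x8847, 0x8848),
}

def parse_ethertype_ace(line):
    """Validate an 'access-list <name> ethertype <action> <keyword>' line (optional 'no' prefix)."""
    tokens = line.split()
    remove = bool(tokens) and tokens[0] == "no"
    if remove:
        tokens = tokens[1:]
    if len(tokens) != 5 or tokens[0] != "access-list" or tokens[2] != "ethertype":
        raise ValueError(f"unrecognised syntax: {line!r}")
    name, action, keyword = tokens[1], tokens[3], tokens[4]
    # Page rule for the name: no spaces, at most 64 alphanumeric characters.
    if not (name.isascii() and name.isalnum() and len(name) <= 64):
        raise ValueError("name must be 1-64 alphanumeric characters with no spaces")
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {sorted(ACTIONS)}")
    if keyword not in KEYWORD_MATCH:
        raise ValueError(f"keyword must be one of {sorted(KEYWORD_MATCH)}")
    return remove, name, action, keyword

def apply_config(lines):
    """Replay configuration-mode lines into ordered ACLs: {name: [(action, keyword), ...]}."""
    acls = {}
    for line in lines:
        remove, name, action, keyword = parse_ethertype_ace(line)
        entries = acls.setdefault(name, [])
        if remove:
            entries.remove((action, keyword))  # the 'no' form deletes that exact entry
        else:
            entries.append((action, keyword))
    return acls

def evaluate(acl, ethertype):
    """First entry whose keyword matches decides; implicit deny (assumed) if none matches."""
    for action, keyword in acl:
        if KEYWORD_MATCH[keyword](ethertype):
            return action
    return "deny"
```

Replaying the two configuration lines shown above gives an empty INBOUND ACL, while a single permit mpls entry passes both 0x8847 and 0x8848 frames and nothing else.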
Resequencing Entries

You can resequence the entries in an ACL with a specific starting number and interval by using the access-list name resequence command in configuration mode. The ability to resequence entries in an ACL is supported only for extended ACLs.
Chapter 1, Configuring Security Access Control Lists (OL-16202-01, page 1-18)