Not sure if this is supported on your code/feature set/platform; but it's worth a try:
##################
access-list (standard-ibm)
To establish a MAC address access list, use the access-list command in global configuration mode. To remove access list, use the no form of this command.
access-list access-list-number {permit | deny} address mask
no access-list access-list-number
Syntax Description
access-list-number | Integer from 700 to 799 that you select for the list. |
permit | Permits the frame. |
deny | Denies the frame. |
address mask | 48-bit MAC addresses written as a dotted triple of four-digit hexadecimal numbers. The ones bits in the mask argument are the bits to be ignored in address. |
Defaults
No MAC address access lists are established.
Command Modes
Global configuration
Command History
Release | Modification |
---|
10.0 | This command was introduced. |
12.2(33)SRA | This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2SX | This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
Usage Guidelines
Configuring bridging access lists of type 700 may cause a momentary interruption of traffic flow.
Examples
The following example assumes that you want to disallow the bridging of Ethernet packets of all Sun workstations on Ethernet interface 1. Software assumes that all such hosts have Ethernet addresses with the vendor code 0800.2000.0000. The first line of the access list denies access to all Sun workstations, and the second line permits everything else. You then assign the access list to the input side of Ethernet interface 1.
access-list 700 deny 0800.2000.0000 0000.00FF.FFFF
access-list 700 permit 0000.0000.0000 FFFF.FFFF.FFFF
bridge-group 1 input-address-list 700
Related Commands
Command | Description |
---|
access-list (type-code-ibm) | Builds type-code access lists. |