permit

To configure the packets to be forwarded based on the MAC address and the associated parameters, use the command permit in Extended ACL MAC Configuration Mode. This command allows non-IP traffic to be forwarded if the conditions are matched.

permit

permit { {any } { | host } { <src-ip-address>} } { | host } { <dest-mac-address>} }

{ [{aarp } { | amber } { | dec-spanning } { | decnet-iv } { | diagnostic } { | dsm } { | etype-6000 } { | etype-8042 } { | lat } { | lavc-sca } { | mop-console } { | mop-dump } { | msdos } { | mumps } { | netbios } { | vines-echo } { | vines-ip } { | xns-id } { | <protocol (0-65535)> }

{ | encaptype } { | <integer (1-65535)>] } { [vlan } { <vlan-id (1-4094)>] } { {priority } { <value (1-255)>}] }

{ [outerEtherType } { < integer (1-65535)>] } { [svlan-id } { <vlan-id (1-4094)>] } { [svlan-priority } { <value (0-7)>] } { [cvlan-priority } { <value (0-7)>] }

{ [{single-tag } { | double-tag}] }

{ [redirect } { {interface } { <iftype> } { <ifnum> } { | <iftype> } { <ifnum> } { [<iftype> } { <iface_list>] } { load-balance } { {src-ip } { | dst-ip } { | src-mac } { | dst-mac } { | vlanid } { | src-tcpport } { | dst-tcpport } { | src-udpport } { | dst-udpport}}] }

{ [sub-action } { {none } { | modify-vlan } { <short (1-4094)> } { | nested-vlan } { <short (1 -4094)> } { | strip-ether-hdr}}] }

{ [next-filter-type } { {l2 } { | l3 } { | user-defined} } { next-filter-id } { | <short (1-65535)>}] }

{ dp } { {green } { | yellow } { | red} } { sub-action } { {modify-cfi-dei } { <short (0-1)>}] }

{ | user-priority } { <short (0-7)> } { cfi-dei } { <short (0-1)> } { sub-action } { {modify-dp } { {green } { | yellow } { | red} } { | modify-dc } { <short (0-7)>} }

Parameters

Parameter	Type	Description
`any`		Enter to specify that packets can be forwarded from any source MAC Address.
`host`		Enter to specify the host source MAC address to be used for forwarding the packets
`<src-ip-address>`		Enter a value for the host source MAC address to be used for forwarding the packets.
`host`		Enter to specify the destination MAC address from which the packets are denied.
`<dest-mac-address>`		Enter a value for the destination MAC address from which the packets are denied.
`aarp`		Enter to configure the non-IP protocol type as Ethertype AppleTalk Address Resolution Protocol that maps a data-link address to a network address.
`amber`		Enter to configure the non-IP protocol type as the address of the host that the packet is destined for.
`dec-spanning`		Enter to configure the non-IP protocol type as EtherType Digital Equipment Corporation spanning tree
`decnet-iv`		Enter to configure the non-IP protocol type as EtherType DECnet Phase IV protocol.
`diagnostic`		Enter to configure the non-IP protocol type as EtherType DEC-Diagnostic.
`dsm`		Enter to configure the non-IP protocol type as EtherType DEC-DSM/DDP.
`etype-6000`		Enter to configure the non-IP protocol type as EtherType 0x6000.
`etype-8042`		Enter to configure the non-IP protocol type as EtherType 0x8042.
`lat`		Enter to configure the non-IP protocol type as EtherType DEC-LAT.
`lavc-sca`		Enter to configure the non-IP protocol type as EtherType DEC-LAVC-SCA
`mop-console`		Enter to configure the non-IP protocol type as EtherType DEC-MOP Remote Console
`mop-dump`		Enter to configure the non-IP protocol type as EtherType DEC-MOP Dump.
`msdos`		Enter to configure the non-IP protocol type as EtherType DEC-MSDOS.
`mumps`		Enter to configure the non-IP protocol type as EtherType DEC-MUMPS.
`netbios`		Enter to configure the non-IP protocol type as EtherType DEC- Network Basic Input/Output System.
`vines-echo`		Enter to configure the non-IP protocol type as EtherType Virtual Integrated Network
`vines-ip`		Enter to configure the non-IP protocol type as EtherType VINES IP
`xns-id`		Enter to configure the non-IP protocol type as EtherType Xerox Network Systems protocol suite
`<protocol (0-65535)>`		Enter to configure the non-IP protocol type to be filtered. This value ranges from 0 to 65535. The value 0 represents that filter is applicable for all protocols.
`encaptype`		Enter to configure the arbitary ether type of a packet with Ethernet II or SNAP encapsulation in decimal
`<short (1-65535)>`		Enter a value for the arbitary ether type of a packet. This value ranges from 1 to 65535.
`vlan`		Enter to specify the VLAN ID to be filtered.
`<vlan-id (1-4094)>`		Enter a value for the VLAN ID. This value ranges from 1 to 4094.
`priority`		Enter to specify the priority of the filter to decide which filter rule is applicable when the packet matches with more than one filter rules. Higher value of ‘filter priority’ implies a higher priority.
`<short (1-255)>`		Enter a priority value. This value ranges from 1 to 255.
`outerEtherType`		Enter to specify the EtherType value to match on Service vlan tag (OutEthertype).
`<integer (1-65535)>`		Enter a value for OutEthertype. The value ranges from 1 to 65535
`svlan-id`		Enter to configure Service VLAN ID value to match against incoming packets.
`<vlan-id (1-4094)>`		Enter a value for Service VLAN ID. This value ranges from 1 to 4094.
`svlan-priority`		Enter to configure Customer VLAN priority value to match against incoming packets.
`<value (0-7)>`		Enter a Service VLAN priority value. This value ranges from 0 to 7.
`cvlan-priority`		Enter to configure Customer VLAN priority value to match against incoming packets.
`<value (0-7)>`		Enter a customer VLAN ID value. This value ranges from 0 to 7.
`double-tag`		Enter to specify double tag type of the packet.
`single-tag`		Enter to specify single tag type of the packet
`redirect`		Enter to redirect the action to the destination interface or set of interfaces.
`<iftype>`		Enter destination interface type.The interface can be: fastethernet – Officially referred to as 100BASE-T standard. This is a version of LAN standard architecture that supports data transfer up to 100 Megabits per second. gigabitethernet – A version of LAN standard architecture that supports data transfer up to 1 Gigabit per second. extreme-ethernet – A version of Ethernet that supports data transfer up to 10 Gigabits per second. This Ethernet supports only full duplex links
`<ifnum>`		Enter to redirect the packets to the specified interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash, for interface types Gigabitethernet, Fastethernet and Extreme-Ethernet.
`<iface_list>`		Enter to redirect the packets to the list of interfaces.
`load-balance`		Enter to specify the parameters based on which the traffic distribution needs to be done.
`src-ip`		Enter to specify that the traffic distribution is based on the source IP address.
`dst-ip`		Enter to specify that the traffic distribution is based on the destination IP address.
`src-mac`		Enter to specify that the traffic distribution is based on the source MAC address.
`dst-mac`		Enter to specify that the traffic distribution is based on the destination MAC address.
`vlanid`		Enter to specify that the traffic distribution is based on the VLAN ID to be filtered.
`src-tcpport`		Enter to specify that the traffic distribution is based on the source TCP port number.
`dst-tcpport`		Enter to specify that the traffic distribution is based on the destination TCP Port number.
`src-udpport`		Enter to specify that the traffic distribution is based on the source UDP port number
`dst-udpport`		Enter to specify that the traffic distribution is based on the destination UDP port number.
`sub-action`		Enter to configure the VLAN specific sub action to be performed on the packet.
`none`		Enter to specify that the actions related to the VLAN ID will not be considered.
`modify-vlan`		Enter to specify to modify the VLAN ID to which the packet gets classified. The packet could be an untagged or VLAN tagged packet.
`<short (1-4094)>`	Integer	Enter a value for the VLAN ID to which the packet gets classified. This value ranges from 1 to 4094.
`nested-vlan`		Enter to specify to add an outer VLAN tag to the packet with the specified VLAN ID (nested VLAN).
`<short (1-4094)>`	Integer	Enter a value for the outer VLAN tag to the packet with the specified VLAN ID. This value ranges from 1 to 4094.
`none`		Enter to specify that the actions related to the VLAN ID will not be considered.
`strip-ether-hdr`		Enter to specify Strip outer Ethernet header for MPLS packets.
`next-filter-type`		Enter to specify the type of next access-control list.
`L2`		Enter to specify filtering to be done for MAC-based ACL.
`L3`		Enter to specify filtering to be done for IP-based ACL.
`user-defined`		Enter to specify User defined packets related configuration
`next-filter-id`		Enter to specify next filter ID related configuration
`<short (1-65535)>`		Enter a value for next filter ID related configuration.
`dp`		Enter to configure the packets to be forwarded based on the drop precedence.
`green`		Enter to specify drop precedence as green which implies that green packets are forwarded. This is the default
`red`		Enter to specify drop precedence as red which implies that red packets are forwarded.
`yellow`		Enter to specify drop precedence as yellow which implies that yellow packets are forwarded.
`sub-action`		Enter to specify sub action related configuration.
`modify-cfi-dei`		Enter to modify cfi-dei bit value in the c-vlan tag or s-vlan tag of the packet to be applied in the filter. This value can be either 0 or 1.
user-priority		Enter to configures that the packets are forwarded based on the user priority.
`<short (0-7)>`		Enter a value for c-vlan user priority.
`cfi-dei`		Enter to configure the CFI DEI value in the c-vlan tag or s-vlan tag of the packet to be applied in the filter. The value can be 0 or 1
`<short (0-7)>`		Enter a value for CFI DEI value in the c-vlan tag or s-vlan tag of the packet.
`sub-action`		Enter to configure sub action to be performed on the packet.
`modify-dp`		Enter to configure the drop-precedence.
`green`		Enter to specify drop precedence as green which implies that green packets are forwarded. This is the default
`red`		Enter to specify drop precedence as red which implies that red packets are forwarded.
`yellow`		Enter to specify drop precedence as yellow which implies that yellow packets are forwarded.
`sub-action`		Enter to specify sub action related configuration.
`modify-tc`		Enter to configure traffic class value.
`<short (0-1)>`		Enter a traffic class value. The value ranges from 0 to 7

Mode

Extended ACL MAC Configuration Mode

Default

protocol - 0
sub-action - none
vlan-id - 0
priority - 1
outerEtherType - 0
svlan-id - 0
cvlan-priority - 1
svlan-priority - 1
single-tag | double-tag - Single tag

Examples

is5comm (config)# mac access-list extended 5

iS5comm(config-ext-macl)# permit user-priority 1 cfi-dei 1 sub-action modify-dp green

is5comm (config-ext-macl)# permit dp red sub-action modify-cfi-dei 1

is5comm (config-ext-macl)# permit any any priority 255