Extended MAC ACL CommandsThe following commands configure Extended MAC ACLs. The C9000 supports both Ingress and Egress MACACLs.When an access-list is created without any rule and then applied to an interface, ACL behavior reflects implicitpermit.NOTE: For more information, also refer to the Commands Common to all ACL Types andCommon MAC Access List Commands sections.denyTo drop packets that match the filter criteria, configure a filter.C9000 SeriesSyntax deny {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-addressmac-destination-address-mask} [ethertype-operator] [count [byte]][log [interval minutes] [threshold-in-msgs [count]] [monitor]To remove this filter, you have two choices:• Use the no seq sequence-number command if you know the filter’s sequencenumber.• Use the no deny {any | host mac-address | mac-source-addressmac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} command.Parameters any Enter the keyword any to drop all packets.host mac-address Enter the keyword host and then enter a MAC address to droppackets with that host address.mac-source-addressEnter a MAC address in nn:nn:nn:nn:nn:nn format.mac-source-address-maskSpecify which bits in the MAC address must match.The MAC ACL supports an inverse mask; therefore, a mask offf:ff:ff:ff:ff:ff allows entries that do not match and a mask of00:00:00:00:00:00 only allows entries that match exactly.mac-destination-addressEnter the destination MAC address and mask innn:nn:nn:nn:nn:nn format.Access Control Lists (ACL) 342