Device Security

Step 1: Create an ACL and Define an ACL Rule

This command creates an ACL named list1 and configures a rule for the ACL. After the mask has been applied, it permits packets carrying TCP traffic that matches the specified Source IP address, and sends these packets to the specified Destination IP address.

console#config
console(config)#access-list list1 permit tcp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.0

Step 2: Define the Second Rule for ACL 179

Define the rule to set similar conditions for UDP traffic as for TCP traffic.

console(config)#access-list list1 permit udp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.255
console(config)#exit

Step 3: Apply the Rule to Outbound (Egress) Traffic on Port 1/g2

Only traffic matching the criteria will be accepted.

console(config)#interface ethernet 1/g2
console(config-if-1/g2)#ip access-group list1 out
console(config-if-1/g2)#exit

Configuring a MAC ACL

The following steps configure a MAC ACL that denies traffic with any MAC address access to hosts with a MAC address of 00:11:22:33:XX:XX, where XX is any hexadecimal value (1-F). The log parameter specifies that the system should keep track of the number of times the rule is applied to traffic that meets the rule criteria. When a frame entering the port matches the rule, the rule hit counter increments. Every five minutes the ACL application checks the counter. If the counter indicates that the rule has been applied since the last time it was checked, the ACL application logs a message indicating which rule was applied and how many times it was hit during that time period.

The rule is applied to interface 1/g5 in the inbound direction and has a priority value of 6 (the lower the number, the higher the priority).

Step 1: Set up a MAC Access List

console#config
console(config)#mac access-list extended mac1
console(config)#exit

Step 2: Specify the MAC ACL Attributes

console(config-mac-access-list)#deny any 00:11:22:33:44:55 00:00:00:00:FF:FF log

Step 3: Configure a MAC Access Group

console(config)#interface ethernet 1/g5
console(config-if-1/g5)#mac access-group mac1 in 6
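
The following Python sketch is an added example, not part of the vendor guide. It evaluates the two list1 rules and the mac1 rule against constructed packets to show what the masks above actually match. It assumes wildcard (inverse) mask semantics, where mask bits set to 1 are ignored, and assumes unmatched packets are dropped; the function names are hypothetical.

```python
import ipaddress

def wildcard_match(value: int, base: int, wildcard: int) -> bool:
    """True when value equals base on every bit the wildcard mask leaves at 0.
    Assumption: mask bits set to 1 are "don't care" (inverse mask)."""
    return (value & ~wildcard) == (base & ~wildcard)

def ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))

def mac(text: str) -> int:
    return int(text.replace(":", ""), 16)

# Rules of ACL list1 as configured on this page:
# (action, protocol, source, source mask, destination, destination mask)
LIST1 = [
    ("permit", "tcp", "192.168.77.0", "0.0.0.255", "192.168.77.3", "0.0.0.0"),
    ("permit", "udp", "192.168.77.0", "0.0.0.255", "192.168.77.3", "0.0.0.255"),
]

def eval_list1(proto: str, src: str, dst: str) -> str:
    """First matching rule wins. Assumption: anything unmatched is dropped,
    following 'only traffic matching the criteria will be accepted'."""
    for action, r_proto, r_src, r_smask, r_dst, r_dmask in LIST1:
        if (proto == r_proto
                and wildcard_match(ip(src), ip(r_src), ip(r_smask))
                and wildcard_match(ip(dst), ip(r_dst), ip(r_dmask))):
            return action
    return "deny"

def mac1_denies(dst_mac: str) -> bool:
    """mac1 rule: deny any 00:11:22:33:44:55 00:00:00:00:FF:FF (source is 'any')."""
    return wildcard_match(mac(dst_mac), mac("00:11:22:33:44:55"),
                          mac("00:00:00:00:FF:FF"))

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source IP, destination IP)
    for pkt in [("tcp", "192.168.77.10", "192.168.77.3"),
                ("tcp", "192.168.77.10", "192.168.77.4"),
                ("udp", "192.168.77.10", "192.168.77.4"),
                ("udp", "192.168.78.10", "192.168.77.3")]:
        print(pkt, "->", eval_list1(*pkt))
    # Constructed destination MAC addresses
    for m in ["00:11:22:33:AB:CD", "00:11:22:34:44:55"]:
        print(m, "denied by mac1:", mac1_denies(m))
```

Under these assumptions the UDP rule is broader than the TCP rule: its destination mask 0.0.0.255 matches every host in 192.168.77.0/24, while the TCP rule's 0.0.0.0 matches only 192.168.77.3.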