82 ACL Commands• cos — Specifies the packets’s Class of Service (CoS). (Range: 0 - 7)• cos-wildcard — Specifies wildcard bits to be applied to the CoS.• eth-type — Specifies the packet’s Ethernet type in hexadecimal format. (Range: 0 - 05dd-ffff)• inner-vlan vlan id — Specifies the inner vlan id of a double tagged packet.Default ConfigurationNo MAC Access List is defined.Command ModeMAC-Access List Configuration mode.User Guidelines• The MAC ACL Global Configuration command allows access to the IP-Access List Configurationmode.• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACEis added, an implied deny-any-any condition exists at the end of the list and those packets that do notmatch the conditions defined in the permit statement are denied.ExampleThe following example shows how to create a MAC ACL with deny rules on a device.service-aclThe service-acl Interface Configuration (Ethernet, port-channel) mode command applies an ACL to theinput interface. Use the no form of this command to detach an ACL from an input interface.Syntax• service-acl {input acl-name | acl-name}• no service-acl {input}• input — Applies the specified ACL to the input interface.Default ConfigurationThis command has no default configuration.Command ModeInterface Configuration (Ethernet, port-channel) mode.Console(config)# mac access-list macl1Console (config-mac-acl)# deny 6:6:6:6:6:6:0:0:0:0:0:0 any5400_CLI.book Page 82 Wednesday, December 17, 2008 4:33 PM