Configuring Access Control Lists 523Configuring a MAC ACLBeginning in Privileged EXEC mode, use the following commands to createan MAC ACL, configure rules for the ACL, and bind the ACL to an interface.CTRL + Z Exit to Privileged EXEC mode.show ip access-lists[name]Display all IPv4 access lists and all of the rules that aredefined for the IPv4 ACL. Use the optionalnameparameter to identify a specific IPv4 ACL to display.Command Purposeconfigure Enter global configuration mode.mac access-list extendednameCreate a named MAC ACL. This command also entersMAC Access List Configuration mode. If a MAC ACLwith this name already exists, this command enters themode to update the existing ACL.{deny | permit}{srcmac srcmacmask |any} {dstmacdstmacmask | any |bpdu } [{ethertypekey |0x0600-0xFFFF }] [vlaneq0-4095 ] [cos0-7][secondary-vlan eq0-4095 ] [secondary-cos0-7] [log] [time-rangetime-range-name][assign-queuequeue-id][{mirror |redirect}interface ]Specify the rules (match conditions) for the MAC accesslist.•srcmac — Valid source MAC address in formatxxxx.xxxx.xxxx.•srcmacmask — Valid MAC address bitmask for the sourceMAC address in format xxxx.xxxx.xxxx.• any — Packets sent to or received from any MAC address•dstmac — Valid destination MAC address in formatxxxx.xxxx.xxxx.•destmacmask — Valid MAC address bitmask for thedestination MAC address in format xxxx.xxxx.xxxx.• bpdu — Bridge protocol data unit•ethertypekey — Either a keyword or valid four-digithexadecimal number. (Range: Supported values areappletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast,mplsucast, Netbios, novell, pppoe, rarp.)•0x0600-0xFFFF — Specify custom EtherType value(hexadecimal range 0x0600-0xFFFF)Command Purpose