MAC ACL, also known as Ethernet ACL, can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses in a named MAC extended ACL. The steps to configure a MAC ACL are similar to those of extended named ACLs. MAC ACL supports only inbound traffic filtering.
To define the MAC Extended ACL, use the mac access-list extended command. Several non-IP protocols are supported.
After the MAC ACL is created, it can be applied to a Layer 2 interface using the mac access-group [acl-name] in command to filter non-IP traffic received on the interface.
Example 4-7 shows how to define and apply a MAC ACL to drop all (non-IP) AppleTalk Address Resolution Protocol (AARP) packets, allowing all other types of traffic.
Example 4-7. MAC ACL Configuration Example
Switch(config)# mac access-list extended my-mac-acl
Switch(config-ext-macl)# deny any any aarp
Switch(config-ext-macl)# permit any any
Switch(config-ext-macl)# exit
Switch(config)# interface Fastethernet0/10
Switch(config-if)# mac access-group my-mac-acl in
Switch(config-if)# end
Switch#
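
A configuration check for the commands in Example 4-7, added here as an illustration and not part of the original text. It scans configuration text for MAC ACLs that are applied but undefined, applied without any permit entry (the implicit deny at the end of the ACL then drops all non-IP traffic on that port), or defined but never applied. The sample configuration, the function name audit_mac_acls and every ACL name other than my-mac-acl are constructed for this example.

```python
import re

# Constructed sample config (not from a real device). The first ACL and
# Fastethernet0/10 mirror Example 4-7; the rest is added to trigger findings.
SAMPLE_CONFIG = """\
mac access-list extended my-mac-acl
 deny any any aarp
 permit any any
mac access-list extended deny-only
 deny any any aarp
mac access-list extended unused-acl
 permit any any
!
interface Fastethernet0/10
 mac access-group my-mac-acl in
interface Fastethernet0/11
 mac access-group deny-only in
interface Fastethernet0/12
 mac access-group missing-acl in
"""

def audit_mac_acls(config):
    """Return sorted (subject, finding) tuples for MAC ACL problems."""
    acls, applied, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"mac access-list extended (\S+)$", line):
            section = ("acl", m.group(1))
            acls[m.group(1)] = []
        elif m := re.match(r"interface (\S+)$", line):
            section = ("if", m.group(1))
        elif not raw.startswith(" "):
            section = None  # any other top-level line ends the section
        elif section and section[0] == "acl" and line.startswith(("permit", "deny")):
            acls[section[1]].append(line)
        elif section and section[0] == "if" and (
                m := re.match(r"mac access-group (\S+) in$", line)):
            applied[section[1]] = m.group(1)
    findings = []
    for intf, name in applied.items():
        if name not in acls:
            findings.append((intf, f"applies undefined MAC ACL {name}"))
        elif not any(e.startswith("permit") for e in acls[name]):
            # Implicit deny at the end: every non-IP frame is dropped.
            findings.append((intf, f"{name} has no permit entry"))
    for name in acls.keys() - set(applied.values()):
        findings.append((name, "defined but not applied to any interface"))
    return sorted(findings)
```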