RST-3508
9805_05_2004_c2
© 2004 Cisco Systems, Inc. All rights reserved. Printed in USA.
MAC ACLs
• MAC ACLs can be used to filter non-IP traffic
• MAC ACLs do not filter IP traffic

cat4507R# sh access-lists
Extended IP access list 101
    permit ip host 4.4.4.3 any
Extended MAC access list decnet_acl
    deny any any protocol-family decnet
    permit any any
VLAN ACL Map (VACL)

mac access-list extended drop-appletalk
 permit any any protocol-family appletalk
ip access-list extended ip2
 permit ip any any
vlan access-map vacl-100 15
 action drop
 match mac address drop-appletalk
vlan access-map vacl-100 20
 action forward
 match ip address ip2
!
vlan filter vacl-100 vlan-list 201
• VACLs match all packets on the VLAN
• VACLs may have IP based and MAC based ACLs, with implicit deny all at the end
• This example will permit IP and drop all AppleTalk frames on VLAN 201
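
Added example (not part of the Cisco presentation): a simplified Python model of how the vacl-100 map above classifies frames on VLAN 201, including the implicit deny at the end of the map. The `family` field and the sample frames are constructed for illustration, and platform-specific classification details are not modelled.

```python
# Simplified model of VLAN access-map evaluation (added example, not Cisco code).
# Frames are dicts with a constructed "family" field: "ip", "appletalk", "decnet".

# ACLs from the slide: each ACE is (action, predicate on the frame).
MAC_ACLS = {
    "drop-appletalk": [("permit", lambda f: f["family"] == "appletalk")],
}
IP_ACLS = {
    "ip2": [("permit", lambda f: True)],  # permit ip any any
}

# vlan access-map vacl-100 entries: (sequence, match type, ACL name, action)
VACL_100 = [
    (15, "mac", "drop-appletalk", "drop"),
    (20, "ip", "ip2", "forward"),
]

def acl_matches(acl, frame):
    """First matching ACE decides; an ACL ends with an implicit deny."""
    for action, pred in acl:
        if pred(frame):
            return action == "permit"
    return False

def evaluate(vacl, frame):
    """Return (action, seq) for a frame; seq is None for the implicit deny."""
    is_ip = frame["family"] == "ip"
    for seq, mtype, name, action in sorted(vacl):
        # MAC ACLs only see non-IP frames; IP ACLs only see IP packets.
        if mtype == "mac" and not is_ip and acl_matches(MAC_ACLS[name], frame):
            return action, seq
        if mtype == "ip" and is_ip and acl_matches(IP_ACLS[name], frame):
            return action, seq
    return "drop", None  # implicit deny all at the end of the map

# Constructed sample frames on VLAN 201.
SAMPLES = [
    {"family": "ip", "src": "4.4.4.3"},
    {"family": "appletalk"},
    {"family": "decnet"},
]

def run_samples():
    return [(f["family"],) + evaluate(VACL_100, f) for f in SAMPLES]

if __name__ == "__main__":
    for family, action, seq in run_samples():
        print(f"{family:10s} -> {action:7s} (sequence {seq})")
```

In this model the DECnet frame is dropped as well: it is non-IP, does not match drop-appletalk, and no sequence forwards it, so it reaches the implicit deny.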