© 2004 Cisco Systems, Inc. All rights reserved. Printed in USA.
RST-3508
9805_05_2004_c2
MAC ACLs
• MAC ACLs can be used to filter non-IP traffic
• MAC ACLs do not filter IP traffic
cat4507R# sh access-lists
Extended IP access list 101
    permit ip host 4.4.4.3 any
Extended MAC access list decnet_acl
    deny any any protocol-family decnet
    permit any any
VLAN ACL Map (VACL)
• VACLs match all packets on the VLAN
• VACLs may have IP-based and MAC-based ACLs, with an implicit deny all at the end
• This example will permit IP and drop all AppleTalk frames on VLAN 201
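! MAC ACL: "permit" selects AppleTalk frames for the access-map entry that references it
mac access-list extended drop-appletalk
 permit any any protocol-family appletalk
! IP ACL: selects all IP packets
ip access-list extended ip2
 permit ip any any
! Sequence 15: drop frames matched by drop-appletalk
vlan access-map vacl-100 15
 action drop
 match mac address drop-appletalk
! Sequence 20: forward packets matched by ip2
vlan access-map vacl-100 20
 action forward
 match ip address ip2
!
! Apply the access map to VLAN 201
vlan filter vacl-100 vlan-list 201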
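
An added example, not part of the original slides: a simplified Python model of how the access map above is evaluated (entries in sequence order, MAC ACLs applied only to non-IP frames, implicit deny at the end), which shows that a non-IP frame other than AppleTalk, such as DECnet, is dropped too. The function names are hypothetical and the parser understands only the command forms used in this slide's configuration.

```python
# Constructed input: the slide's configuration, embedded so the example runs offline.
CONFIG = """\
mac access-list extended drop-appletalk
 permit any any protocol-family appletalk
ip access-list extended ip2
 permit ip any any
vlan access-map vacl-100 15
 action drop
 match mac address drop-appletalk
vlan access-map vacl-100 20
 action forward
 match ip address ip2
vlan filter vacl-100 vlan-list 201
"""

def parse(config):
    """Return (acls, entries); acls[name] = (kind, ACE list), entries sorted by sequence."""
    acls, entries, cur = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[1:3] == ["access-list", "extended"]:
            cur = acls.setdefault(w[3], (w[0], []))[1]      # kind is "mac" or "ip"
        elif w[:2] == ["vlan", "access-map"]:
            cur = [int(w[3]), None, None, None]             # [seq, action, kind, acl]
            entries.append(cur)
        elif w[:1] == ["action"]:
            cur[1] = w[1]
        elif w[:1] == ["match"]:
            cur[2], cur[3] = w[1], w[3]
        elif w[:1] in (["permit"], ["deny"]):               # assumes "any any" ACEs only
            fam = w[w.index("protocol-family") + 1] if "protocol-family" in w else None
            cur.append((w[0], fam))
    return acls, sorted(entries, key=lambda e: e[0])

def vacl_action(acls, entries, frame_kind, family=None):
    """frame_kind is 'ip' or 'mac' (non-IP); family is the non-IP protocol family."""
    for seq, action, kind, name in entries:
        if kind != frame_kind:            # MAC ACLs never see IP, IP ACLs never see non-IP
            continue
        for verdict, fam in acls[name][1]:
            if fam is None or fam == family:
                if verdict == "permit":   # ACL permit means "matched": map action applies
                    return action, seq
                break                     # ACL deny means "not matched": try next entry
    return "drop", None                   # implicit deny at the end of the access map

if __name__ == "__main__":
    acls, entries = parse(CONFIG)
    for frame in [("ip", None), ("mac", "appletalk"), ("mac", "decnet")]:
        print(frame, vacl_action(acls, entries, *frame))
```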