Topology
Config:
hardware access-list allow deny ace
mac access-list yoda
  10 permit fa16.3eb2.fd07 0000.0000.0000 any
  20 permit fa16.3e72.7ae6 0000.0000.0000 any
  30 permit fa16.3e0a.a70b 0000.0000.0000 any
mac access-list yoda-drop
  10 permit any any
vlan access-map yoda-forward 10
  match mac address yoda
  action forward
vlan access-map yoda-forward 20
  match mac address yoda-drop
  action drop
vlan filter yoda-forward vlan-list 100
vlan 1,100
vlan 100
  name yoda
interface Ethernet2/1
  switchport
  switchport access vlan 100
  no shutdown
interface Ethernet2/2
  switchport
  switchport access vlan 100
  no shutdown
interface Ethernet2/27
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100
  no shutdown
I am still able to ping 192.168.1.103, even though its MAC is not in the permitted list.