cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1180
Views
3
Helpful
4
Replies

Cat3550 & MAC access lists

r-sinyuk
Beginner
Beginner

Hi everybody.

I have catalyst 35550 (c3550-i5q3l2-mz.121-19.EA1) with configured simplest MAC access list attached to L2 interface:

mac access-list extended xxx

deny any any

!

interface FastEthernet0/2

switchport access vlan 20

switchport mode access

no ip address

mac access-group xxx in

!

On Catalyst 2950T I have no problems, it works (blocks all traffic), but on catalyst 3550 traffic don't blocks. The result will be the same if I trying to filter frames from particular MAC address. I tried it on two different 3550 box-es, but no success.

Does anybody use MAC access-lists on 3550 for traffic filtering (or clasification) ?

4 Replies 4

skarundi
Enthusiast
Enthusiast

according to the 3550 "configuring network security" section of the config guide, the mac extended access lists are only used to filter non-ip traffic.

URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12119ea1/3550scg/swacl.htm#1177176

"You can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named ACLs. You can use a number to name the access list, but MAC access list numbers from 700 to 799 are not supported."

The same frase "You can filter Layer 2 traffic on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named access lists." I have found in "Configuring Network Security with ACLs" for Cat2950:

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800c6f1a.html#xtocid14

But on Cat2950T mac access-lists works correct.

foxpreacher
Beginner
Beginner

just correct me if I'am wrong.

I wonder catalyst 3550 is a MLS,and by default it runs route,and mac filter (layer 2 filter)doesn't work?

3550 is CEF based switch (not MLS), and according to

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf53.html#1177176 MAC access-lists mut be works.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: