Cat3550 & MAC access lists

r-sinyuk
Level 1

Hi everybody.

I have a Catalyst 3550 (c3550-i5q3l2-mz.121-19.EA1) with the simplest possible MAC access list attached to an L2 interface:

mac access-list extended xxx
 deny any any
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 no ip address
 mac access-group xxx in
!

On a Catalyst 2950T I have no problems, it works (blocks all traffic), but on the Catalyst 3550 traffic is not blocked. The result is the same if I try to filter frames from a particular MAC address. I tried it on two different 3550 boxes, but with no success.

Does anybody use MAC access lists on the 3550 for traffic filtering (or classification)?

4 Replies

skarundi
Level 4

According to the 3550 "Configuring Network Security" section of the config guide, MAC extended access lists are only used to filter non-IP traffic.

URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12119ea1/3550scg/swacl.htm#1177176

"You can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named ACLs. You can use a number to name the access list, but MAC access list numbers from 700 to 799 are not supported."
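Going by the config-guide text quoted above, a named MAC extended ACL on the 3550 covers only non-IP frames, so blocking everything on the port means pairing it with an inbound IP ACL. The following configuration is an added example, not from any poster or from Cisco's documentation; the ACL names BLOCK-NONIP and BLOCK-IP are hypothetical, and it assumes the image accepts an inbound IP ACL on a Layer 2 port.

```cisco
! Constructed example: ACL names are hypothetical, interface and VLAN
! are taken from the original post.
!
! Non-IP frames: matched by the named MAC extended ACL.
mac access-list extended BLOCK-NONIP
 deny any any
!
! IP packets: not covered by the MAC ACL per the quoted guide,
! so they need their own inbound IP ACL on the same port.
ip access-list extended BLOCK-IP
 deny ip any any
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 mac access-group BLOCK-NONIP in
 ip access-group BLOCK-IP in
!
! Checks after applying (run from privileged EXEC):
!   show mac access-group interface FastEthernet0/2
!   show access-lists
!   show running-config interface FastEthernet0/2
```

When testing, send both an IP packet and a non-IP frame from the attached host, so that each ACL is exercised separately.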

I found the same phrase, "You can filter Layer 2 traffic on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named access lists.", in "Configuring Network Security with ACLs" for the Cat2950:

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800c6f1a.html#xtocid14

But on the Cat2950T, MAC access lists work correctly.

foxpreacher
Level 1

Just correct me if I'm wrong.

I wonder: the Catalyst 3550 is an MLS, and by default it runs routing, so the MAC filter (Layer 2 filter) doesn't work?

The 3550 is a CEF-based switch (not MLS), and according to

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf53.html#1177176 MAC access lists must work.