I have a Catalyst 3550 (c3550-i5q3l2-mz.121-19.EA1) with the simplest MAC access list configured and attached to an L2 interface:
mac access-list extended xxx
deny any any
switchport access vlan 20
switchport mode access
no ip address
mac access-group xxx in
On a Catalyst 2950T I have no problems, it works (blocks all traffic), but on the Catalyst 3550 traffic is not blocked. The result is the same if I try to filter frames from a particular MAC address. I tried it on two different 3550 boxes, but with no success.
Does anybody use MAC access lists on the 3550 for traffic filtering (or classification)?
"You can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named ACLs. You can use a number to name the access list, but MAC access list numbers from 700 to 799 are not supported."
The same phrase, "You can filter Layer 2 traffic on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named access lists.", I have found in "Configuring Network Security with ACLs" for the Cat2950: