01-13-2014 06:16 AM - edited 03-07-2019 05:31 PM
Hi,
I am confused between port ACL and MAC ACL. I think that the MAC ACL is a part of port ACL.
Am I correct or not? Please tell me.
01-13-2014 07:31 AM
Hi,
MAC ACL is filtering on MAC addresses vs. IP ACL, which filters on IP and anything transported by IP.
Port ACL is an ACL configured on an L2 switchport vs. Routed ACL configured on an L3 port.
So you could be configuring a MAC ACL or IP ACL on an L2 port and it will be considered a Port ACL.
To summarize: port ACL = where it is applied, and MAC ACL = which fields of the frame it is filtering on.
Regards
Alain
Don't forget to rate helpful posts.
01-14-2014 10:43 AM
Please give an example of these:
MAC ACL
IP ACL
Routed ACL
01-14-2014 10:48 AM
Hi,
Let's configure one ACL on an L3 switch (3750, for example):

    access-list 101 permit ip host 10.1.1.1 host 10.1.1.2

- If we apply it on an L2 interface, then it is a PACL or port ACL:

    int f0/1
     switchport mode access
     switchport access vlan 10
     ip access-group 101 in

Now let's configure another ACL:

    access-list 102 permit tcp any host 192.168.2.3

- If we apply it on an SVI or a routed port (no switchport), it is a RACL or Router ACL:

    int vlan 1
     ip add 192.168.1.1 255.255.255.0
     ip access-group 102 in

But both ACLs are extended IPv4 ACLs.
For MAC ACL on 3750 switch: http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/15.0_2_se/configuration/guide/swacl.html#wp1289037
Regards
Alain
Don't forget to rate helpful posts.
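The MAC ACL case that the reply above covers only by link, as an added example that is not part of Alain's post: a named MAC extended ACL applied to the same L2 access port next to IP ACL 101, so both act as port ACLs. The ACL name and MAC address are constructed placeholders; the interface and ACL 101 are taken from the post.

```cisco
! Constructed example: PACL-MAC-DEMO and 0000.1111.2222 are placeholders.
!
! Named MAC extended ACL: matches on L2 header fields (source/destination
! MAC, EtherType), not on IP fields.
mac access-list extended PACL-MAC-DEMO
 ! Drop DECnet Phase IV frames from any source to any destination.
 deny any any decnet-iv
 ! Allow remaining non-IP frames only from one known host.
 permit host 0000.1111.2222 any
 ! Everything else falls through to the implicit deny at the end.
!
! IPv4 extended ACL from the post above.
access-list 101 permit ip host 10.1.1.1 host 10.1.1.2
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! MAC ACL applied to an L2 port = port ACL. On the 3750 it filters
 ! only non-IP traffic and is applied inbound.
 mac access-group PACL-MAC-DEMO in
 ! IP ACL applied to the same L2 port = also a port ACL, filtering IPv4.
 ip access-group 101 in
!
! Verify from privileged EXEC:
!   show access-lists
!   show mac access-group interface FastEthernet0/1
```

On the 3750 a Layer 2 interface accepts one IP access list and one MAC access list, and a named MAC extended ACL cannot be applied to a Layer 3 interface.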