MAC access-list and routing

Greg Wrobel
Level 1

OK, I have a problem and am looking for a feasible solution. I hope someone here can help me.

I have a Cisco 3560x layer 3, but there is one problem with the MAC ACL.

Here is a sample scenario:

I have two VLANs, 2 & 3. There is one device (D1) on VLAN 2 and three devices (D2, D3, D4) on VLAN 3. D1 can talk only to D2 and D3. D4 can talk only to D2 and D3. D1 and D4 cannot talk at all.

I got the IP access list all set, but I was asked to get the MAC ACL on it. The problem is that as soon as a packet is routed, its MAC addresses will change, correct?

Is there a way of preventing a device with the same IP but a different MAC from talking to a device it should not talk to, keeping in mind that the packet will be routed?

Thanks!

1 Reply

Arumugam Muthaiah
Cisco Employee

Hi Greg,

  • The VLAN ACL can be applied to vlan interface ip-access group and controls all traffic within and out VLAN, not in
  • The RACL applied to the VLAN interface controls routed traffic in/out

Please verify whether you applied any RACL which can filter any traffic specific to D1. If we want to filter traffic that is flowing within a VLAN, a Router-based Access Control List cannot help. This is when we can use a VLAN Access Control List.

Regards,

Aru

*** Please rate if the post is useful ***

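
The point raised in the question, that a routed packet no longer carries the sender's MAC, as a small Python model (an added example, not part of the thread and not switch configuration; all addresses and function names are constructed). It shows that a frame from D1 and a frame from a device using D1's IP with a different MAC are identical after the inter-VLAN hop, so only a check made before routing can tell them apart.

```python
from dataclasses import dataclass, replace

# All addresses below are constructed sample values, not taken from the thread.
ROUTER_MAC = "02:00:00:00:00:fe"   # MAC of the switch's routed (VLAN) interface
HOSTS = {                           # name: (vlan, ip, mac)
    "D1": (2, "192.0.2.11", "02:00:00:00:00:01"),
    "D2": (3, "198.51.100.12", "02:00:00:00:00:02"),
    "D3": (3, "198.51.100.13", "02:00:00:00:00:03"),
    "D4": (3, "198.51.100.14", "02:00:00:00:00:04"),
}
# Policy from the question: D1 and D4 may each talk only to D2 and D3.
PERMITTED_IP_PAIRS = {(HOSTS[a][1], HOSTS[b][1])
                      for a in ("D1", "D4") for b in ("D2", "D3")}

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

def ip_acl_permits(f):
    """IP ACL: matches on layer-3 addresses only, in either direction."""
    return ((f.src_ip, f.dst_ip) in PERMITTED_IP_PAIRS
            or (f.dst_ip, f.src_ip) in PERMITTED_IP_PAIRS)

def ingress_binding_ok(f):
    """IP-to-MAC check on the access port, before the frame is routed."""
    return any(ip == f.src_ip and mac == f.src_mac
               for _, ip, mac in HOSTS.values())

def route(f):
    """Inter-VLAN hop: layer-2 header is rewritten, layer-3 addresses kept."""
    dst_mac = next(mac for _, ip, mac in HOSTS.values() if ip == f.dst_ip)
    return replace(f, src_mac=ROUTER_MAC, dst_mac=dst_mac)

def send(src_ip, src_mac, dst_name):
    """Frame as it leaves the sender, addressed to its default gateway."""
    return Frame(src_mac, ROUTER_MAC, src_ip, HOSTS[dst_name][1])

genuine = send(HOSTS["D1"][1], HOSTS["D1"][2], "D2")
spoofed = send(HOSTS["D1"][1], "02:00:00:00:00:99", "D2")  # D1's IP, other MAC

if __name__ == "__main__":
    for label, f in (("genuine", genuine), ("spoofed", spoofed)):
        print(label, "ip_acl:", ip_acl_permits(f),
              "ingress_binding:", ingress_binding_ok(f),
              "src_mac after routing:", route(f).src_mac)
```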