
VACLs with MAC access-lists?

des.mckee
Level 1

Hi,

I am trying to use VACLs with MAC access-lists to restrict IP traffic. My test box is a 3750-E and after much frustration I found the following in the documentation:

All non-IP protocols are access-controlled through MAC addresses and Ethertype using MAC VLAN maps. (IP traffic is not access controlled by MAC VLAN maps.)

Which squares up with what I found - I couldn't get IP traffic through the VACL, but the ethertype for arp worked fine, and also VACLs worked fine with IP access-lists rather than MAC.

The actual system I want to do this on though is a 6500 running 12.2 IOS. Does anyone know if the same restriction above applies - i.e. you cannot filter IP traffic using a MAC access-list on a VACL? I can't find any documentation references to this.

Thanks,

Des

2 Replies

jgreenwoodii
Level 1

This is correct. If you want to filter IP traffic you use a standard/extended ACL; for ethertypes etc. you use a MAC ACL.

You can filter both types of traffic using a VACL. For MAC ACL filtering, under the access map you just have to specify "match mac address" instead of "match ip address".

HTH

Jonathan

Thanks. I was given the link I needed for the 6500 and it seems it's the same - cannot filter normal IP traffic using a MAC access-list, only the other ethertypes or malformed IP packets:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/qos.html#wp1726598

Cheers
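
The split discussed in this thread, shown as an added configuration example (not posted by any participant): one VLAN map carries an IP ACL for IP traffic and a MAC ACL for ARP. It uses Catalyst 3750 syntax; the ACL names, VLAN 10 and the 10.1.10.0/24 subnet are assumptions chosen for illustration.

```cisco
! Constructed example. Names, VLAN ID and addresses are placeholders.

! IP frames are checked only against "match ip address" clauses.
! A MAC ACL entry such as "permit host 0011.2233.4455 any" would never
! be applied to them, which is the behaviour described in the question.
ip access-list extended VLAN10-IP
 permit ip 10.1.10.0 0.0.0.255 any

! Non-IP frames are checked only against "match mac address" clauses.
! ARP is EtherType 0x0806; the mask 0x0 requires an exact match.
mac access-list extended VLAN10-ARP
 permit any any 0x806 0x0

vlan access-map VLAN10-MAP 10
 match ip address VLAN10-IP
 action forward
vlan access-map VLAN10-MAP 20
 match mac address VLAN10-ARP
 action forward

! On the 3750, a packet type that has a match clause in the map but
! matches none of those clauses is dropped, so with this map:
!   - IP from outside 10.1.10.0/24 is dropped
!   - non-IP other than ARP is dropped
vlan filter VLAN10-MAP vlan-list 10
```

`show vlan access-map` and `show vlan filter` confirm which sequences exist and which VLANs the map is applied to.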