MAC extended ACL

Unanswered Question
Sep 13th, 2007
User Badges:

Software Version: 12.1(19)EA1d

Problem Details: I'm testing the MAC extended ACL feature on our 3560

switch (sw 12.1(19)EA1d). It appears that it's working properly for the

PC's with MAC addresses permitted in the ACL. However, when I try to

connect a PC with MAC that is not in the "permit" ACL, the PC is able

to get an IP address from our DHCP server. Can you help with this?


mac access-list extended MAC_ACL

permit host abcd.abcd.abcd any

permit host abcd.abcd.abcc any


interface fa0/26

switchport access vlan 2

switchport mode access

no ip address

no mdix auto

power inline never

mac access-group MAC_ACL in

spanning-tree portfast




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
aghaznavi Wed, 09/19/2007 - 13:32
User Badges:
  • Silver, 250 points or more

Named MAC extended ACLs can not be applied to L3 interfaces.

Define extended MAC ACLs to define the interesting traffic for the VLAN maps.

Switch(config)# mac access-list extended denyIPXACL


This Discussion