MAC access-list on Catalyst 4506

Unanswered Question
Mar 10th, 2008
User Badges:

I need to block and allow certain MAC addresses to a particular interface on a Catalyst 4506 switch. I created an extended MAC access-list and applied it to an interface however it doesn't work.

Can you have both IP extended ACLs and MAC extended ACLs on the same switch?

Do I have to apply it to a vlan also?

ACLs are generally pretty straight forward, what am I missing? Any help would be greatly apprecaited. Thanks.

mac access-list extended macacl

permit host abcd.abcd.abcd host efgh.efgh.efgh

deny any any

int gix/y

mac access-group macacl in

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Fri, 03/14/2008 - 09:36
User Badges:
  • Silver, 250 points or more

When you enter the mac access-list extended name command, you use the [no] {permit | deny} {{src-mac mask | any} [dest-mac mask]} [protocol-family {appletalk | arp-non-ipv4 | decnet | ipx | ipv6 | rarp-ipv4 | rarp-non-ipv4 | vines | xns}] subset to create or delete entries in a MAC layer access list.


This Discussion