MAC access-list on Catalyst 4506

Unanswered Question
Mar 10th, 2008

I need to block and allow certain MAC addresses to a particular interface on a Catalyst 4506 switch. I created an extended MAC access-list and applied it to an interface; however, it doesn't work.


Can you have both IP extended ACLs and MAC extended ACLs on the same switch?


Do I have to apply it to a vlan also?


ACLs are generally pretty straightforward, what am I missing? Any help would be greatly appreciated. Thanks.


mac access-list extended macacl
 permit host abcd.abcd.abcd host efgh.efgh.efgh
 deny any any

int gix/y
 mac access-group macacl in



mchin345 Fri, 03/14/2008 - 09:36

When you enter the mac access-list extended name command, you use the [no] {permit | deny} {{src-mac mask | any} [dest-mac mask]} [protocol-family {appletalk | arp-non-ipv4 | decnet | ipx | ipv6 | rarp-ipv4 | rarp-non-ipv4 | vines | xns}] subset to create or delete entries in a MAC layer access list.


http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/40sg/command/reference/int_sess.html#wp1976794
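
An offline check of ACL entries against the syntax quoted in the reply above, as an added example that is not part of the original thread and not Cisco tooling. The function names and sample entries are constructed; the `host` form is taken from the question's own config rather than the quoted syntax, and dotted-hex `xxxx.xxxx.xxxx` MAC notation is assumed.

```python
import re

# Keywords exactly as listed in the protocol-family part of the quoted syntax.
PROTOCOL_FAMILIES = {"appletalk", "arp-non-ipv4", "decnet", "ipx", "ipv6",
                     "rarp-ipv4", "rarp-non-ipv4", "vines", "xns"}
MAC_RE = re.compile(r"^[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}$")  # assumed notation


def take_address(tokens, role, errors):
    """Consume one address spec from tokens: 'any', 'host MAC' or 'MAC MASK'."""
    if not tokens:
        errors.append(f"{role}: address missing")
        return
    head = tokens.pop(0)
    if head == "any":
        return
    # 'host MAC' carries one value, 'MAC MASK' carries two.
    values = ([] if head == "host" else [head]) + tokens[:1]
    del tokens[:1]
    if len(values) < (1 if head == "host" else 2):
        errors.append(f"{role}: incomplete address")
    for value in values:
        if not MAC_RE.match(value):
            errors.append(f"{role}: '{value}' is not hex in xxxx.xxxx.xxxx form")


def lint_entry(line):
    """Return the problems found in one ACL entry; an empty list means clean."""
    tokens = line.split()
    errors = []
    if tokens[:1] == ["no"]:
        tokens.pop(0)
    if not tokens or tokens.pop(0) not in ("permit", "deny"):
        return ["entry must start with permit or deny"]
    take_address(tokens, "source", errors)
    if tokens and tokens[0] != "protocol-family":  # destination is optional
        take_address(tokens, "destination", errors)
    if tokens:
        if tokens[0] != "protocol-family" or len(tokens) != 2:
            errors.append("unexpected tokens: " + " ".join(tokens))
        elif tokens[1] not in PROTOCOL_FAMILIES:
            errors.append(f"unknown protocol-family '{tokens[1]}'")
    return errors


# Constructed sample entries, not taken from any real device.
for entry in ("permit host 0000.0c00.0001 host 0000.0c00.0002",
              "permit host 00:00:0c:00:00:01 any",
              "deny any any protocol-family ip"):
    print(entry, "->", lint_entry(entry) or "ok")
```
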
