6500: Protocol-Independent MAC ACL Filtering

Answered Question

Is it supported in Security ACLs (PACLs and VACLs) in IOS 12.2(33)SXH?

Is it possible to filter IPv4 traffic in hardware by MAC with ACLs on this platform?

The same question for ARP traffic.

Correct Answer by Ryan Carretta about 8 years 7 months ago

Hi,

This should work for you. You would need to enable PI MAC ACL filtering by using the command 'mac packet-classify' on the ingress interface (or vlan interface if L2). This was supported as of 12.2(18)SXD - here is a link to the config guide in the SXF train:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/qos.html#wp1726493

For arp you can just create an arp access-list:

Test6k(config)#arp access-list ARP_FILTER
Test6k(config-arp-nacl)#permit ?
  ip        Sender IP address
  request   ARP Request
  response  ARP Response

Ryan Carretta Tue, 06/03/2008 - 00:59
