Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
715
Views
0
Helpful
2
Replies

6500: Protocol-Independent MAC ACL Filtering

Go to solution
ovt
Level 4
Level 4

‎06-03-2008 12:41 AM - edited ‎03-05-2019 11:23 PM

Is it supported in Security ACLs (PACLs and VACLs) in IOS 12.2(33)SXH ?

Is it possible to filter IPv4 traffic in hardware by MAC with ACLs on this platform?

The same question for ARP traffic.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ryan Carretta
Cisco Employee
Cisco Employee

‎06-03-2008 12:59 AM

Hi,

This should work for you. You would need to enable PI MAC ACL filtering by using the command 'mac packet-classify' on the ingress interface (or vlan interface if L2). This was supported as of 12.2(18)SXD - here is a link to the config guide in the SXF train:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/qos.html#wp1726493

For arp you can just create an arp access-list:

Test6k(config)#arp access-list ARP_FILTER

Test6k(config-arp-nacl)#permit ?

ip Sender IP address

request ARP Request

response ARP Response

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Ryan Carretta
Cisco Employee
Cisco Employee

‎06-03-2008 12:59 AM

Hi,

This should work for you. You would need to enable PI MAC ACL filtering by using the command 'mac packet-classify' on the ingress interface (or vlan interface if L2). This was supported as of 12.2(18)SXD - here is a link to the config guide in the SXF train:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/qos.html#wp1726493

For arp you can just create an arp access-list:

Test6k(config)#arp access-list ARP_FILTER

Test6k(config-arp-nacl)#permit ?

ip Sender IP address

request ARP Request

response ARP Response

0 Helpful

Go to solution
ovt
Level 4
Level 4
In response to Ryan Carretta

‎06-03-2008 05:31 AM

Yes, this works. Also, ARP can be filtered with MAC ACLs (Ethertype 0x0806). ARP ACLs ("arp access-list") are related to DAI.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card