I am trying to use VACLs with MAC access-lists to restrict IP traffic. My test box is a 3750-E and after much frustration I found the following in the documentation:
All non-IP protocols are access-controlled through MAC addresses and Ethertype using MAC VLAN maps. (IP traffic is not access controlled by MAC VLAN maps.)
Which squares up with what I found - I couldn't get IP traffic through the VACL, but the ethertype for arp worked fine, and also VACLs worked fine with IP access-lists rather than MAC.
The actual system I want to do this on though is a 6500 running 12.2 IOS. Does anyone know if the same restriction above applies - i.e. you cannot filter IP traffic using a MAC access lists on a VACL? I cant find any documentation references to this.