VACLs with MAC access-lists?

Unanswered Question
Dec 11th, 2008
Hi,

I am trying to use VACLs with MAC access-lists to restrict IP traffic. My test box is a 3750-E and after much frustration I found the following in the documentation:


All non-IP protocols are access-controlled through MAC addresses and Ethertype using MAC VLAN maps. (IP traffic is not access controlled by MAC VLAN maps.)


Which squares up with what I found - I couldn't get IP traffic through the VACL, but the ethertype for arp worked fine, and also VACLs worked fine with IP access-lists rather than MAC.


The actual system I want to do this on, though, is a 6500 running 12.2 IOS. Does anyone know if the same restriction above applies - i.e. you cannot filter IP traffic using a MAC access list on a VACL? I can't find any documentation references to this.


Thanks,

Des


jgreenwoodii Thu, 12/11/2008 - 09:13

This is correct. If you want to filter IP traffic, you use a standard/extended ACL; for ethertypes etc., you use a MAC ACL.


You can filter both types of traffic using a VACL. For MAC ACL filtering, under the access map you just have to specify "match mac address" instead of "match ip address".


HTH


Jonathan
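
A VLAN map combining both match types as described in the reply above, added here as an illustration and not taken from either poster's configuration. The ACL names, map name, VLAN 10 and the permitted subnet are constructed, and the syntax is the Catalyst 3750 form; the thread does not confirm 6500 behaviour.

```ios
! Non-IP frames are classified by EtherType in a MAC ACL.
! 0x0806 is ARP; the 0x0 mask means an exact EtherType match.
mac access-list extended VACL-NONIP
 permit any any 0x0806 0x0
!
! IP traffic must be classified by an IP ACL; a MAC ACL in a
! VLAN map is not applied to IP packets on this platform.
ip access-list extended VACL-IP
 permit ip 192.0.2.0 0.0.0.255 any
!
! One access map, two sequences: one per traffic type.
vlan access-map VM-VLAN10 10
 match mac address VACL-NONIP
 action forward
vlan access-map VM-VLAN10 20
 match ip address VACL-IP
 action forward
!
! Per the 3750 configuration guide: once a map contains a match
! clause for a packet type (IP or MAC), packets of that type that
! match no clause are dropped. Here that drops IP from outside
! 192.0.2.0/24 and every non-IP frame other than ARP.
vlan filter VM-VLAN10 vlan-list 10
!
! Verification:
!   show vlan access-map VM-VLAN10
!   show vlan filter
```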
