VACLs with MAC access-lists?

Unanswered Question
Dec 11th, 2008
User Badges:


I am trying to use VACLs with MAC access-lists to restrict IP traffic. My test box is a 3750-E and after much frustration I found the following in the documentation:

All non-IP protocols are access-controlled through MAC addresses and Ethertype using MAC VLAN maps. (IP traffic is not access controlled by MAC VLAN maps.)

Which squares up with what I found - I couldn't get IP traffic through the VACL, but the ethertype for arp worked fine, and also VACLs worked fine with IP access-lists rather than MAC.

The actual system I want to do this on though is a 6500 running 12.2 IOS. Does anyone know if the same restriction above applies - i.e. you cannot filter IP traffic using a MAC access lists on a VACL? I cant find any documentation references to this.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jgreenwoodii Thu, 12/11/2008 - 09:13
User Badges:

This is correct if you want to filter IP traffic you use a standard/extended ACL for ethertypes etc... you use a MAC ACL.

You can filter both types of traffic using a VACL for MAC ACL filtering under the access map you just have specify "match mac address" instead of "match ip address"




This Discussion