VLAN filtering with mac

Unanswered Question
Sep 13th, 2010
User Badges:


I'm trying to filter a mac address on a vlan using VACL/VLAN access map but i can't get it working om my 4510R. None of the traffic from the host seems to be filtered.

I want to filter mac 001c.7ec8.e7b2 on vlan 11. Here's the configuration:

mac access-list extended abcdef
permit host 001c.7ec8.e7b2 any

vlan access-map block1 10
action drop
match mac address abcdef
vlan access-map block1 20
action forward

vlan filter block1 vlan-list 11

When i use this exact same config on a 3560 it works just fine.

When i use a ip acl instead of a mac acl the filtering for that particular ip address works

What could be te case? The ios ver of the 4515R is 12.2(53)SG.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Thu, 09/23/2010 - 10:54
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Just a guess but could you reorder your first entry ie.

vlan access-map block1 10
action drop
match mac address abcdef


vlan access-map block1 10

match mac address abcdef

action drop


DennisV99_2 Thu, 09/23/2010 - 11:45
User Badges:

Hi Jon,

Allthough i did configure the match line before the action line it shows up the lines the other way around in de running-config. Strange huh?

Nevertheless the show vlan access-map command shows the correct config:

Vlan access-map "block1"  10
  Match clauses:
    mac address: abcdef
Vlan access-map "block1"  20
  Match clauses:


This Discussion