Cisco Support Community
ovt Bronze

6500: Protocol-Independent MAC ACL Filtering

Is it supported in Security ACLs (PACLs and VACLs) in IOS 12.2(33)SXH ?

Is it possible to filter IPv4 traffic in hardware by MAC with ACLs on this platform?

The same question for ARP traffic.

1 ACCEPTED SOLUTION

Re: 6500: Protocol-Independent MAC ACL Filtering

Hi,

This should work for you. You would need to enable PI MAC ACL filtering by using the command 'mac packet-classify' on the ingress interface (or vlan interface if L2). This was supported as of 12.2(18)SXD - here is a link to the config guide in the SXF train:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/qos.html#wp1726493

For ARP you can just create an arp access-list:

Test6k(config)#arp access-list ARP_FILTER
Test6k(config-arp-nacl)#permit ?
  ip        Sender IP address
  request   ARP Request
  response  ARP Response

ovt Bronze

Re: 6500: Protocol-Independent MAC ACL Filtering

Yes, this works. Also, ARP can be filtered with MAC ACLs (Ethertype 0x0806). ARP ACLs ("arp access-list") are related to DAI.

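The setup described in the accepted answer, as an added example that is not part of the original thread: a MAC ACL applied as a VACL to a Layer 2 VLAN, with 'mac packet-classify' on the VLAN interface so that IPv4 frames are classified as MAC-layer traffic and matched by source MAC. The ACL name, access-map name, VLAN number and MAC address are constructed placeholders.

```cisco-ios
! Constructed example: MAC_BLOCK_HOST, MAC_FILTER, VLAN 10 and the
! MAC address below are placeholders, not values from the thread.
!
! In a VACL, "permit" in the ACL means "this frame matches the clause";
! the access-map action decides whether it is dropped or forwarded.
mac access-list extended MAC_BLOCK_HOST
 permit host 0000.5e00.5301 any
!
! Sequence 10: drop frames sourced from the listed MAC.
vlan access-map MAC_FILTER 10
 match mac address MAC_BLOCK_HOST
 action drop
!
! Sequence 20: no match clause, so everything else is forwarded.
! Without it, traffic that falls through the map is dropped.
vlan access-map MAC_FILTER 20
 action forward
!
vlan filter MAC_FILTER vlan-list 10
!
! Enable protocol-independent MAC ACL filtering on the Layer 2 VLAN
! interface. Ingress IPv4 on VLAN 10 is now classified as MAC-layer
! traffic, so the MAC ACL above applies to it as well.
interface Vlan10
 no ip address
 mac packet-classify
```

'show vlan access-map' and 'show vlan filter' display the map contents and the VLANs it is applied to.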