Solved: Confusion between port acl and MAC acl

pankaj kumar · ‎01-13-2014

hi,

i am confused between port acl and mac acl. i think that the mac acl is a part of port acl

i am correct or not please tell me.

cadet alain · ‎01-13-2014

Hi,

MAC ACL is filtering on MAC addresses vs IP ACL which filters on IP and anything transported by IP

port ACL is an ACL configured on a L2 switchport vs Routed ACL configured on a L3 port.

So you could be configuring a MAC ACL or IP ACL on a L2 port and it will be considered a Port ACL.

To summarize: port ACL=where is it applied and MAC ACL = on which fields of the frame is it filtering

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎01-14-2014

Hi,

let's configure one ACL on a L3 switch(3750 for example):

access-list 101 permit ip host 10.1.1.1 host 10.1.1.2

-if we apply it on a L2 interface then it is a PACL or port ACL

int f0/1

switchport mode access

switchport access vlan 10

ip access-group 101 in

Now let's configure another ACL

access-list 102 permit tcp any host 192.168.2.3

-if we apply it on a SVI or a routed port( no switchport) it is a RACL or Router ACL

int vlan 1

ip add 192.168.1.1 255.255.255.0

ip access-group 102 in

But both ACLs are extended IPv4 ACLs.

For MAC ACL on 3750 switch:http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/15.0_2_se/configuration/guide/swacl.html#wp1289037

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎01-13-2014

Hi,

MAC ACL is filtering on MAC addresses vs IP ACL which filters on IP and anything transported by IP

port ACL is an ACL configured on a L2 switchport vs Routed ACL configured on a L3 port.

So you could be configuring a MAC ACL or IP ACL on a L2 port and it will be considered a Port ACL.

To summarize: port ACL=where is it applied and MAC ACL = on which fields of the frame is it filtering

Regards

Alain

Don't forget to rate helpful posts.

pankaj kumar · ‎01-14-2014

Please give example of these

MAC ACL

IP ACL

Routed ACL

cadet alain · ‎01-14-2014

Hi,

let's configure one ACL on a L3 switch(3750 for example):

access-list 101 permit ip host 10.1.1.1 host 10.1.1.2

-if we apply it on a L2 interface then it is a PACL or port ACL

int f0/1

switchport mode access

switchport access vlan 10

ip access-group 101 in

Now let's configure another ACL

access-list 102 permit tcp any host 192.168.2.3

-if we apply it on a SVI or a routed port( no switchport) it is a RACL or Router ACL

int vlan 1

ip add 192.168.1.1 255.255.255.0

ip access-group 102 in

But both ACLs are extended IPv4 ACLs.

For MAC ACL on 3750 switch:http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/15.0_2_se/configuration/guide/swacl.html#wp1289037

Regards

Alain

Don't forget to rate helpful posts.