Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

MAC access-list on Catalyst 4506

I need to block and allow certain MAC addresses to a particular interface on a Catalyst 4506 switch. I created an extended MAC access-list and applied it to an interface however it doesn't work.

Can you have both IP extended ACLs and MAC extended ACLs on the same switch?

Do I have to apply it to a vlan also?

ACLs are generally pretty straight forward, what am I missing? Any help would be greatly apprecaited. Thanks.

mac access-list extended macacl

permit host abcd.abcd.abcd host efgh.efgh.efgh

deny any any

int gix/y

mac access-group macacl in

1 REPLY
Silver

Re: MAC access-list on Catalyst 4506

When you enter the mac access-list extended name command, you use the [no] {permit | deny} {{src-mac mask | any} [dest-mac mask]} [protocol-family {appletalk | arp-non-ipv4 | decnet | ipx | ipv6 | rarp-ipv4 | rarp-non-ipv4 | vines | xns}] subset to create or delete entries in a MAC layer access list.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/40sg/command/reference/int_sess.html#wp1976794

619
Views
0
Helpful
1
Replies
CreatePlease to create content