Cisco Support Community

New Member

Cat3550 & MAC access lists

Hi everybody.

I have a Catalyst 3550 (c3550-i5q3l2-mz.121-19.EA1) with the simplest MAC access list configured and attached to an L2 interface:

mac access-list extended xxx
 deny any any
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 no ip address
 mac access-group xxx in
!

On the Catalyst 2950T I have no problems, it works (blocks all traffic), but on the Catalyst 3550 traffic is not blocked. The result is the same if I try to filter frames from a particular MAC address. I tried it on two different 3550 boxes, but with no success.

Does anybody use MAC access lists on the 3550 for traffic filtering (or classification)?

4 REPLIES
Bronze

Re: Cat3550 & MAC access lists

According to the "Configuring Network Security" section of the 3550 config guide, the MAC extended access lists are only used to filter non-IP traffic.

URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12119ea1/3550scg/swacl.htm#1177176

"You can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named ACLs. You can use a number to name the access list, but MAC access list numbers from 700 to 799 are not supported."
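Added example, not part of the original thread: a small Python audit that applies the guide passage quoted in this reply to a switch config and lists ports whose only inbound filter is a MAC ACL. The sample config is constructed from the one in the question; the ACL name BLOCK-IP is hypothetical, and it is an assumption that IP traffic on the port would be filtered with `ip access-group ... in`.

```python
import re

# Constructed sample config, modelled on the one posted in the question.
# BLOCK-IP is a hypothetical ACL name used only for illustration.
SAMPLE_CONFIG = """\
mac access-list extended xxx
 deny any any
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 no ip address
 mac access-group xxx in
!
interface FastEthernet0/3
 switchport mode access
 ip access-group BLOCK-IP in
 mac access-group xxx in
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from an IOS-style config."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line == "!":
            current = None  # '!' closes the interface block
        elif line and current is not None:
            current.append(line)
    return interfaces

def mac_only_ports(config):
    """Interfaces with an inbound MAC ACL but no inbound IP ACL."""
    flagged = []
    for name, cmds in parse_interfaces(config).items():
        has_mac = any(re.match(r"mac access-group \S+ in$", c) for c in cmds)
        has_ip = any(re.match(r"ip access-group \S+ in$", c) for c in cmds)
        if has_mac and not has_ip:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for port in mac_only_ports(SAMPLE_CONFIG):
        print(f"{port}: MAC ACL only; per the quoted guide it filters non-IP traffic")
```

On the sample, only FastEthernet0/2 (the port from the question) is reported.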

New Member

Re: Cat3550 & MAC access lists

The same phrase, "You can filter Layer 2 traffic on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named access lists.", I have found in "Configuring Network Security with ACLs" for the Cat2950:

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800c6f1a.html#xtocid14

But on the Cat2950T, MAC access lists work correctly.

New Member

Re: Cat3550 & MAC access lists

Just correct me if I am wrong.

I wonder, the Catalyst 3550 is an MLS, and by default it runs routing, and the MAC filter (Layer 2 filter) doesn't work?

New Member

Re: Cat3550 & MAC access lists

The 3550 is a CEF-based switch (not MLS), and according to

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf53.html#1177176 MAC access lists must work.
