
MAC ACL issue on a Catalyst 4507R

limtohsoon

Hi Sir,

I have an existing Catalyst 3550 (EMI IOS IMAGE feature set) with the following MAC ACL configured:

    !
    mac access-list extended pppoe-mac
     permit any any 0x8863 0x0
     permit any any 0x8864 0x0
    !
    interface FastEthernet0/1
     mac access-group pppoe-mac in
    !

Going to migrate the configuration to a Catalyst 4507R (BASIC L3 3DES (RIP,ST.ROUTES,IPX,AT) feature set). Somehow, the MAC ACL command is different on the C4507R, as follows:

    C4507R(config-ext-macl)#permit any any protocol-family ?
      appletalk
      arp-non-ipv4
      decnet
      ipx
      ipv6
      rarp-ipv4
      rarp-non-ipv4
      vines
      xns

The "permit any any" is followed only by "protocol-family". If I configure any of the following options, the next is to press <CR>. There's nowhere to key in the EtherType in hex.

Attached is the comparison of the features on both switches, using Feature Navigator. I don't see any feature difference that causes the above problem.

Please help.

Thank you.

B.Rgds,

Lim TS
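
Added example (not part of the original thread and not Cisco code): a Python model of how the `pppoe-mac` ACL in the post matches frames by EtherType, usable for checking captured frames offline. It assumes the second hex value is a mask of don't-care bits (so `0x0` means an exact match) and an implicit deny at the end of the list; the function names and sample frames are constructed for illustration, and the model covers only the EtherType match, not the switch's hardware behaviour.

```python
import struct

# The ACL from the post as (action, ethertype, mask) entries.
# Assumption: mask marks don't-care bits, so 0x0 means "match exactly".
PPPOE_MAC_ACL = [
    ("permit", 0x8863, 0x0),  # PPPoE discovery stage
    ("permit", 0x8864, 0x0),  # PPPoE session stage
]

def ethertype_of(frame: bytes):
    """Return the EtherType of an Ethernet II frame, or None if it has none."""
    if len(frame) < 14:
        return None
    (value,) = struct.unpack_from("!H", frame, 12)
    if value == 0x8100:  # single 802.1Q tag: the EtherType follows the tag
        if len(frame) < 18:
            return None
        (value,) = struct.unpack_from("!H", frame, 16)
    # Values below 0x0600 are an 802.3 length field, not an EtherType.
    return value if value >= 0x0600 else None

def evaluate(frame: bytes, acl=PPPOE_MAC_ACL) -> str:
    """Return the action of the first matching entry, else the implicit deny."""
    etype = ethertype_of(frame)
    if etype is not None:
        for action, acl_type, mask in acl:
            care = ~mask & 0xFFFF  # bits that must be equal
            if (etype & care) == (acl_type & care):
                return action
    return "deny"

def build_frame(ethertype: int, payload: bytes = b"", vlan=None) -> bytes:
    """Build a constructed broadcast test frame (hypothetical source MAC)."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vlan is not None:
        header += struct.pack("!HH", 0x8100, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

# Constructed sample frames, not captured traffic.
SAMPLES = {
    "pppoe-discovery": build_frame(0x8863, b"\x11\x09\x00\x00\x00\x00"),
    "pppoe-session-vlan10": build_frame(0x8864, b"\x11\x00\x00\x01\x00\x00", vlan=10),
    "arp-broadcast": build_frame(0x0806, b"\x00" * 28),
    "llc-802.3": build_frame(0x0026, b"\x42\x42\x03"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:22} {evaluate(frame)}")
```
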


Roberto Salazar

Unfortunately, I think this platform does not support full parsing of the ether-type as the limitation is in the way the current port ASICs pass the Ethertype. They basically parse and relay only a subset of all the possible Ethertype values. I am not positive on this platform but PFC2 had the same limitation in which the full ether-type was also parsed out.

Meanwhile on PFC3 based systems you will be able to parse an arbitrary ethernet-type. So basically you have full parsing of the ethernet-type on PFC3 in the range of <0x0-0xFFFF> and obviously on 3550's ASIC as well.

I am afraid you will have to either get a sup720 or go back to 3550.

Please rate helpful posts.

Hi,

Thanks for your reply.

Are you able to provide me any supporting document that shows the limitation of the C4507R to support full parsing of the ethertypes, before I open a TAC case?

My customer is connecting his PPPoE customers to the switchports and needs to allow only PPPoE ethertypes. Else, without the MAC ACL on the C4507R, my customer is complaining he's seeing many broadcasts into the ports.

Please help.

Thank you.

B.Rgds,

Lim TS

My supporting docs are internal. Maybe TAC have something external but I have not been able to find them.

Please rate helpful posts.
