Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

mac acl

Hi ,

 

I want to stop traffic from one of my port using Mac acl. I captures frames on wireshark and they are STP and LOOPBACK related. I believe Mac acl is used to stop Non ipv4 traffic which is STP etc..

 

i am using cisco 2960

 

mac access-list extended mactest

deny   any any

 

int gi0/10

mac access-group mactest in

 

But no effect on port.

 

Please help.

 

Thanks,

 

Shafi

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

MAC ACLs are supported only

MAC ACLs are supported only when the switch is running the LAN base image.

 

2 REPLIES

MAC ACLs are supported only

MAC ACLs are supported only when the switch is running the LAN base image.

 

New Member

Hi,I am using many c2960

Hi,

I am using many c2960 (C2960-LANBASEK9-M), Version 12.2(50)SE5 and c2950 EI (C2950-I6K2L2Q4-M), Version 12.1(22)EA14 and I want to filter out IPv6 traffic using mac access-list

sh access-list

Extended MAC access list Acl_Ipv6
    deny   any host 3333.0001.0002
    deny   any any 0x86DD 0x0
    permit any any (10601 matches)

 

this Acl is applied on all access-mode ports

But when using Wireshark, I can observe DHCP V6 multicast traffic (eth dst addr 33:33:00:01:00:02)

and I don't see any match on corresponding deny Aces

Have you been faced to same problem ?

Alain

 

 

 

59
Views
0
Helpful
2
Replies