From: Balaji Siva (bsivasub@cisco.com)
Date: Thu Jan 16 2003 - 00:11:21 GMT-3
kym,
The documenation gives you part of the answer
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550scg/swacl.htm#xtocid25
and yes you can apply ip as well mac acl in layer 2 setup see below
As far as your question what is better, i think port-security is better
as it much easier to manipulate. There is probably another option which
is vlan access-maps.
Balaji
Layer 2
W2-4.14-C3550-48-A#sh run int fas 0/48
Building configuration...
Current configuration : 99 bytes
!
interface FastEthernet0/48
no ip address
ip access-group 101 in
mac access-group test in
end
W2-4.14-C3550-48-A#sh acce
W2-4.14-C3550-48-A#sh access-lists
Extended IP access list 101
permit ip any any
Extended MAC access list test
permit any any appletalk
kym blair wrote:
> On the 3550, does the mac access-list work on both Layer 2 and Layer 3
> ports/interfaces? Any pros or cons in comparison to switchport
> port-security mac-address? Can you also apply an IP access-list on
> the same port/interface? For either Layer 2 or Layer 3?
>
> Thanks, Kym
>
>
>
>
>
> _________________________________________________________________
> Help STOP SPAM: Try the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail
> .
-- *************************************** Balaji Sivasubramanian TAC LAN Techlogies WW SME Cisco Systems RTP, NC, 27709 Ph: 919 392 7596 E-mail: bsivasub@cisco.com URL: http://www-tac.cisco.com/~bsivasub **************************************** .
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:50 GMT-3