From: Jung-I Lin (easyman.lin@gmail.com)
Date: Sat Oct 28 2006 - 23:57:53 ART
Configuring Named MAC Extended ACLs
You can filter non-IP traffic on a VLAN and on a physical Layer 2 interface
by using MAC addresses and named MAC extended ACLs. The procedure is similar
to that of configuring other extended named ACLs. You can use a number to
name the access list, but MAC access list numbers from 700 to 799 are not
supported.
quoted from cisco doc
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swacl.htm
You can lab it to verify, even you explicitly deny the mac address, you can
still telnet to the denied device.
HTH.
On 10/29/06, Michael Zuo <mzuo@ixiacom.com> wrote:
>
> Hi Group,
>
>
>
> In the answer key, it mentions that extended MAC address access list can
> not filter IP traffic. I searched the 3550 configuration guide on
> extended MAC access-list and vlan-map, the doc only says it can not be
> applied to L3 interfaces.
>
>
>
>
>
> Anyone knows whether the solution is accurate and if so, what is the
> reason behind it? How would the mac address access-list even know the
> filtered traffic is IP or not?
>
>
>
>
>
> Thanks a bunch...
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Thanks Best Regards,Jung-I Lin
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:07 ART