RE: [cisco-ttl] cisco 3550 üzerinde mac yasaklama

From: Fuat Kilic (fkilic) <fkilic_at_....>
Date: Mon, 7 Jan 2008 19:24:34 +0100



mac access-group

Use the mac access-group interface configuration command to apply a MAC access control list (ACL) to a Layer 2 interface. Use the no form of this command to remove all MAC ACLs or the specified ACL from the interface. You create the MAC ACL by using the mac access-list extended global configuration command.

mac access-group {name} in

no mac access-group [name]

Syntax Description


Specify a named MAC access list.


Specify that the ACL is applied in the ingress direction. Outbound ACLs are not supported on Layer 2 interfaces.


No MAC ACL is applied to the interface.

Command Modes

Interface configuration (Layer 2 interfaces only)

Command History


This command was introduced.

Usage Guidelines

You can apply MAC ACLs only to ingress Layer 2 interfaces. You cannot apply MAC ACLs to Layer 3 interfaces.

On Layer 2 interfaces, you can filter IP traffic by using IP access lists and non-IP traffic by using MAC access lists. You can filter both IP and non-IP traffic on the same Layer 2 interface by applying both an IP ACL and a MAC ACL to the interface.

You cannot apply more than one MAC ACL to a Layer 2 interface. If a MAC ACL is already configured on a Layer 2 interface and you apply a new MAC ACL to the interface, the new ACL replaces the previously configured one.

You cannot apply a MAC ACL (or IP ACL) to a Layer 2 interface on a switch that has an input Layer 3 ACL or a VLAN map applied to it. If a switch has a MAC ACL or IP ACL applied to a Layer 2 interface, you cannot apply an IP ACL to an input Layer 3 interface on that switch, and you cannot apply a VLAN map to any of the switch VLANs.

When an inbound packet is received on an interface with a MAC ACL applied, the switch checks the match conditions in the ACL. If the conditions are matched, the switch forwards or drops the packet, according to the ACL action.

If the specified ACL does not exist, the switch forwards all packets.


Note <> For more information about configuring MAC extended ACLs, see the "Configuring Network Security with ACLs" chapter in the software configuration guide for this release.


This example shows how to apply a MAC extended ACL named macacl2 to an interface:

Switch(config)# interface fastethernet0/1

Switch(config-if)# mac access-group macacl2 in

You can verify your settings by entering the show mac access-group privileged EXEC command. You can view configured ACLs on the switch by entering the show access-lists privileged EXEC command.

Related Commands

show access-lists

Displays the ACLs configured on the switch.

show mac access-group

Displays the MAC ACLs configured on the switch.

show running-config

Displays the running configuration on the switch. For syntax information, select Cisco IOS Release 12.2 Configuration Guides and Command References > Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands > Configuration File Management Commands.      

Fuat Kılıç | Sistem Mühendisi | Cisco Türkiye | +90 212 366 7604 | +90 533 928 4608 | [email protected] <mailto:[email protected]> | <>    

From: [] On Behalf Of tre pon Sent: Wednesday, January 02, 2008 3:42 PM To:
Subject: [cisco-ttl] cisco 3550 üzerinde mac yasaklama

cisco 3550 switch üzerinde mac adresine göre yasaklama yapabiliyor muyuz? Yardýmcý olursanýz sevinirim.

Mersin Üniversitesi

Never miss a thing. Make Yahoo your home page. <>  

[Non-text portions of this message have been removed] Received on Wed Jan 09 2008 - 15:00:23 CET

This archive was generated by hypermail 2.2.0 : Wed Jan 09 2008 - 15:00:53 CET