EasyManuals Logo

Cisco IE-3000-8TC User Manual

Cisco IE-3000-8TC
874 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #652 background imageLoading...
Page #652 background image
34-22
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 34 Configuring Network Security with ACLs
Creating Named MAC Extended ACLs
Applying a MAC ACL to a Layer 2 Interface
After you create a MAC ACL, you can apply it to a Layer 2 interface to filter non-IP traffic coming in
that interface. When you apply the MAC ACL, consider these guidelines:
You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface.
The IP access list filters only IP packets, and the MAC access list filters non-IP packets.
A Layer 2 interface can have only one MAC access list. If you apply a MAC access list to a Layer 2
interface that has a MAC ACL configured, the new ACL replaces the previously configured one.
Beginning in privileged EXEC mode, follow these steps to apply a MAC access list to control access to
a Layer 2 interface:
To remove the specified access group, use the no mac access-group {name} interface configuration
command.
This example shows how to apply MAC access list mac1 to a port to filter packets entering the port:
Switch(config)# interface gigabitethernet1/2
Router(config-if)# mac access-group mac1 in
Note The mac access-group interface configuration command is only valid when applied to a physical
Layer 2 interface.You cannot use the command on EtherChannel port channels.
After receiving a packet, the switch checks it against the inbound ACL. If the ACL permits it, the switch
continues to process the packet. If the ACL rejects the packet, the switch discards it. When you apply an
undefined ACL to an interface, the switch acts as if the ACL has not been applied and permits all
packets. Remember this behavior if you use undefined ACLs for network security.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Identify a specific interface, and enter interface configuration
mode. The interface must be a physical Layer 2 interface (port
ACL).
Step 3
mac access-group {name} {in} Control access to the specified interface by using the MAC access
list.
Port ACLs are supported only in the inbound direction.
Step 4
end Return to privileged EXEC mode.
Step 5
show mac access-group [interface interface-id]
Display the MAC access list applied to the interface or all Layer 2
interfaces.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.

Table of Contents

Other manuals for Cisco IE-3000-8TC

Preview: Hardware Installation Guide
Hardware Installation Guide170 pages
Preview: Command Reference
Command Reference802 pages
Preview: Getting Started Guide
Getting Started Guide32 pages
Preview: Administration Guide
Administration Guide496 pages
Preview: Message Guide
Message Guide98 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco IE-3000-8TC and is the answer not in the manual?

Cisco IE-3000-8TC Specifications

General IconGeneral
Switching Capacity16 Gbps
MAC Address Table Size8000
Uplink Ports2 x 10/100/1000Base-T or SFP (Small Form-Factor Pluggable)
Operating Temperature-40°C to 70°C
MountingDIN rail
Ports8 x Ethernet 10/100Base-TX ports
Jumbo Frame SupportYes

Related product manuals