Configuring Network Security with ACLs
Switch# show access-lists
Extended MAC access list mac1
    10 deny any any decnet-iv
    20 permit any any
This example shows how to apply MAC access list mac1 to a port to filter packets entering the port:
Switch(config)# interface GigabitEthernet1/17
Switch(config-if)# mac access-group mac1 in
Note: The mac access-group interface configuration command is valid only when applied to a physical Layer 2
interface. You cannot use the command on EtherChannel port channels.
After receiving a packet, the switch checks it against the inbound ACL. If the ACL permits it, the switch continues to
process the packet. If the ACL rejects the packet, the switch discards it. When you apply an undefined ACL to an
interface, the switch acts as if the ACL has not been applied and permits all packets. Remember this behavior if you use
undefined ACLs for network security.
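A check for the undefined-ACL behavior described above, as an added example (not Cisco's code): it scans a saved running-config for access-group references whose ACL is never defined, which the switch would treat as "permit all". The sample config, the function name, and the treatment of numbered ACLs as IP ACLs are assumptions; it also covers ip access-group in addition to the mac access-group shown on this page.

```python
import re

# Constructed sample running-config (not from a real switch): Gi1/17 uses the
# defined MAC ACL mac1; Gi1/18 references mac2, which is never defined.
SAMPLE_CONFIG = """\
mac access-list extended mac1
 deny any any decnet-iv
 permit any any
!
interface GigabitEthernet1/17
 mac access-group mac1 in
!
interface GigabitEthernet1/18
 mac access-group mac2 in
!
interface GigabitEthernet1/19
 ip access-group 101 in
!
access-list 101 permit ip any any
"""

DEFN = re.compile(r"^(mac|ip) access-list (?:extended|standard) (\S+)")
NUMBERED = re.compile(r"^access-list (\d+) ")
REF = re.compile(r"^\s+(mac|ip) access-group (\S+) (in|out)\b")
IFACE = re.compile(r"^interface (\S+)")


def find_undefined_acl_refs(config: str):
    """Return (interface, kind, acl_name, direction) for every access-group
    that names an ACL with no definition anywhere in the config."""
    defined, refs, iface = set(), [], None
    for line in config.splitlines():
        if m := DEFN.match(line):
            defined.add((m.group(1), m.group(2)))
            iface = None
        elif m := NUMBERED.match(line):
            defined.add(("ip", m.group(1)))  # assumption: numbered ACL = IP ACL
            iface = None
        elif m := IFACE.match(line):
            iface = m.group(1)
        elif iface and (m := REF.match(line)):
            refs.append((iface, m.group(1), m.group(2), m.group(3)))
        elif line and not line[0].isspace() and line != "!":
            iface = None  # any other top-level command ends the interface block
    # Definitions may appear after the interfaces, so compare only at the end.
    return [r for r in refs if (r[1], r[2]) not in defined]
```

Run it against an exported configuration and treat any returned tuple as a port that is currently unfiltered in that direction.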
Additional References
The following sections provide references related to switch administration: