Layer 2 Access Control Lists (ACLs)
Layer 2 traffic filtering on the switch is provided by:
■ Layer 2 filters - perform filtering on source or destination MAC addresses.
■ Layer 2 access control lists - perform access control based on source or destination MAC address.
You can create Layer 2 filters at the port level using the l2filter command, or
you can create a Layer 2 access control list using the l2acl command.
When MAC address filters and Layer 2 ACLs are enabled on the same port,
MAC address filter processing precedes Layer 2 ACL processing; the device
either forwards or drops the traffic based on the MAC filter policies, and the
traffic is not subject to Layer 2 ACL processing.
Layer 2 Filters
To configure a Layer 2 filter, enter the following command and parameters:
ProCurve(config)#l2filter <name of l2 filter list> lock <port address> aaaa.bbbb.cccc <source MAC address> vlan <VLAN ID> interface <port/slot>
Layer 2 ACLs
The following example creates a Layer 2 ACL named l2aclpermitany that permits
traffic from any source MAC address to any destination MAC address:
ProCurve(config)#l2acl l2aclpermitany permit any any
The following Layer 2 ACL denies traffic from MAC address 1111.2222.3333 to
MAC address 4444.5555.6666:
ProCurve(config)#l2acl l2denysome deny 1111.2222.3333 4444.5555.6666
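The precedence rule stated earlier (MAC address filter processing precedes Layer 2 ACL processing, and filtered traffic is not subject to the ACL) means a deny entry such as l2denysome can be silently bypassed on a port that also has a MAC filter. The following is an added example, not ProCurve code, that models that order in Python and lists the frames whose ACL verdict never takes effect. It assumes first-match rule evaluation and an explicit no-match action, neither of which this page specifies; the MAC filter rule and the second frame are constructed.

```python
# Added example: a model of the processing order, not ProCurve code.
# Assumptions (not from the page): rules are first-match, and the action
# when no rule matches is supplied explicitly as `default`.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # MAC as aaaa.bbbb.cccc, or "any"
    dst: str

    def matches(self, src: str, dst: str) -> bool:
        return self.src in ("any", src) and self.dst in ("any", dst)

def evaluate(rules: List[Rule], src: str, dst: str, default: str) -> str:
    """First matching rule wins; `default` applies when none matches."""
    return next((r.action for r in rules if r.matches(src, dst)), default)

@dataclass
class Port:
    mac_filter: Optional[List[Rule]] = None  # None means not enabled
    l2_acl: Optional[List[Rule]] = None
    default: str = "deny"                    # assumed no-match action

def decide(port: Port, src: str, dst: str) -> Tuple[str, str]:
    """Return (action, deciding stage) for one frame on this port."""
    if port.mac_filter is not None:
        # The MAC filter verdict is final; the Layer 2 ACL is never consulted.
        return evaluate(port.mac_filter, src, dst, port.default), "mac-filter"
    if port.l2_acl is not None:
        return evaluate(port.l2_acl, src, dst, port.default), "l2-acl"
    return "permit", "none"

def bypassed_acl_verdicts(port: Port, frames) -> list:
    """Frames where the ACL alone would decide differently from the port."""
    if port.mac_filter is None or port.l2_acl is None:
        return []
    acl_only = Port(l2_acl=port.l2_acl, default=port.default)
    return [(s, d, decide(acl_only, s, d)[0], decide(port, s, d)[0])
            for s, d in frames
            if decide(acl_only, s, d)[0] != decide(port, s, d)[0]]

# Constructed sample: the page's l2denysome rule beside a hypothetical MAC filter.
ACL = [Rule("deny", "1111.2222.3333", "4444.5555.6666")]
MAC_FILTER = [Rule("permit", "1111.2222.3333", "any")]
FRAMES = [("1111.2222.3333", "4444.5555.6666"), ("aaaa.bbbb.cccc", "4444.5555.6666")]

if __name__ == "__main__":
    print(bypassed_acl_verdicts(Port(MAC_FILTER, ACL), FRAMES))
```

Each reported tuple is (source MAC, destination MAC, ACL-only verdict, effective verdict); any entry where the ACL says deny but the port permits marks an ACL rule that gives no protection on that port.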