Cisco Catalyst 2950 Software Configuration Manual page 462

Chapter 23 Configuring Network Security with ACLs
Configuring ACLs
This example shows how to apply ACL 2 on Gigabit Ethernet interface 0/1 to filter packets entering the
interface:
Switch(config)# interface gigabitethernet0/1
Router(config-if)# mac access-group 2 in
The mac access-group interface configuration command is only valid when applied to a Layer 2
Note
interface.
For inbound ACLs, after receiving a packet, the switch checks the packet against the ACL. If the ACL
permits the packet, the switch continues to process the packet. If the ACL rejects the packet, the switch
discards the packet. The MAC ACL applies to both IP as well as non-IP packets.
When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to
the interface and permits all packets. Remember this behavior if you use undefined ACLs as a means of
network security.
Catalyst 2950 Desktop Switch Software Configuration Guide
23-22
78-11380-04