Configuring Mac Address-Based Traffic Blocking; Configuring Vlan Acls; Understanding Vacls - Cisco 6500 Series Software Configuration Manual

Configuring MAC Address-Based Traffic Blocking

Configuring MAC Address-Based Traffic Blocking
With 12.1(13)E and later releases, to block all traffic to or from a MAC address in a specified VLAN,
perform this task:
Command
Router(config)# mac-address-table static mac_address
vlan vlan_ID drop
Router(config)# no mac-address-table static
mac_address vlan vlan_ID
This example shows how to block all traffic to or from MAC address 0050.3e8d.6400 in VLAN 12:
Router# configure terminal
Router(config)# mac-address-table static 0050.3e8d.6400 vlan 12 drop

Configuring VLAN ACLs

Note Releases 12.1(11b)E or later supports VLAN ACLs (VACLs).
The following sections describe VACLs:
•
•
•

Understanding VACLs

These sections describe VACLs:
•
•
•
•
VACL Overview
VACLs can provide access control for all packets that are bridged within a VLAN or that are routed into
or out of a VLAN or, with releases 12.1(13)E or later, a WAN interface for VACL capture. Unlike regular
Cisco IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed
packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface. VACLS are
processed in hardware. VACLs use Cisco IOS ACLs. VACLs ignore any Cisco IOS ACL fields that are not
supported in hardware.
You can configure VACLs for IP, IPX, and MAC-Layer traffic. VACLs applied to WAN interfaces
support only IP traffic for VACL capture.
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
23-8
Understanding VACLs, page 23-8
Configuring VACLs, page 23-11
Configuring VACL Logging, page 23-17
VACL Overview, page 23-8
Bridged Packets, page 23-9
Routed Packets, page 23-10
Multicast Packets, page 23-11
Purpose
Blocks all traffic to or from the configured MAC address in
the specified VLAN.
Clears MAC address-based blocking.
Chapter 23 Configuring Network Security
78-14099-04