Configure MAC Standard ACL Example

Network Requirements

• PC1, PC2, and PC3 are connected to IP Network via Device.
• Configure the MAC standard ACL rule, realizing that PC1 can access IP Network, PC2 and PC3 cannot access IP Network.

Network Topology

Figure 15–3 Networking of configuring MAC standard ACL

Configuration Steps

Step 1: Configure the link type of VLAN and port on Device.

#Create VLAN.

#Configure the link type of port gigabitethernet0/2 as Access, permitting the services of VLAN2 to pass.

Step 2: Configure the corresponding VLAN interface and IP address on Device. (Omitted)

Step 3: Configure the MAC standard ACL.

#Configure the MAC standard ACL with serial number 2001 on Device.

#Configure the rule, permitting PC1 to access IP Network.

#Configure the rule, preventing the network segment with MAC address 0002.0002.0000 and mask ffff.ffff.0000 from accessing IP Network.

#Submit the configured rule

#View the information of the ACL with serial number 2001 on Device.

Device#show mac access-list 2001 mac access-list standard 2001 
 10 permit host 0001.0001.0001 
 20 deny 0002.0002.0000 0000.0000.ffff

Step 4: Configure applying MAC standard ACL.

#Apply the MAC standard ACL with serial number 2001 to the ingress of the port gigabitethernet0/2 on Device.

#View the information of the ACL applied to the port on Device.

Device#show acl-object interface  
-----------Interface-----Bind-----Instance 	 
Interface----------------Direction----AclType----AclName 
gi0/2                    IN           MAC        2001 
-----------Interface-----Bind-----Instance 	 
Interface VlanId---------Direction----AclType----AclName

Step 5: Check the result.

#PC1 can access IP Network; PC2 and PC3 cannot access IP Network.