[c-nsp] MAC ACL on CBS3020

Lukas Tribus luky-37 at hotmail.com
Wed Dec 24 09:36:39 EST 2014

> ... and that did exactly nothing, as in "packets continue to flow" and
> "show access-list hardware counter" shows exactly no "Drop" hits either.

Iirc, at least on some platforms, mac access-list only match non-IP traffic. So when we are talking IP (or IPv6) traffic, you probably wanna try an actual IP access-list (an ipv6 access-list in this case).

You may need to apply such ACLs to the vlan (via vlan-maps), not directly to the port.

But this is very platform specific, so YMMV.



More information about the cisco-nsp mailing list