29-19
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter29 Configuring Network Securi ty with ACLs Applying ACLs to Terminal Lines or Physical Interfaces

Creating MAC Access Groups

Beginning in privileged EXEC mode, follow these steps to create MAC access groups and to apply a
MAC access list to an interface:
This example shows how to apply ACL 2 on an interface to filter packets entering the interface:
Switch(config)# interface gigabitethernet0/1
Router(config-if)# mac access-group 2 in
Note The mac access-group interface configuration command is only valid when applied to a Layer 2
interface.
For inbound ACLs, after receiving a packet, the switch checks the packet against the ACL. If the ACL
permits the packet, the switch continues to process the packet. If the ACL rejects the packet, the switch
discards the packet. The MAC ACL applies to both IP and non-IP packets.
When you apply an undefined ACL to an interface, the switch acts as if the ACL has not be en applied to
the interface and permits all packets. Remember this behavior if y ou us e un de fined ACLs as a means of
network security.
Applying ACLs to Terminal Lines or Physical Interfaces
Note Before applying an ACL to a physical interface, see the Guidelines for Applying ACLs to Physical
Interfaces section on page29-5.
You can apply ACLs to any management interface. For information on creating ACLs on management
interfaces, refer to the Configuring IP Services section of the Cisco IOS IP and IP Routing
Configuration Guide, Cisco IOS Release 12.1 and the Cisco IOS IP and IP Routing Command Reference,
Cisco IOS Release 12.1.
Note The limitations that apply to ACLs on physical interfaces do not apply to ACLs on management
interfaces.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Identify a specific interface for configuration, and enter interface
configuration mode.
The interface must be a Layer 2 interface.
Step3 mac access-group {name} {in} Control access to the specified interface by using the MAC access list name.
Step4 end Return to privileged EXEC mode.
Step5 show mac-access group Display the MAC ACLs applied on the switch.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.