MAC Access Control Lists (ACL)s are an extension of the ACLs feature which include IPv4 Standard, IPv4 Extended ACLs, and IPv6 ACLs. The MAC classes is an extension of Classifier policy feature which includes Mirror policies.

Classifier Policies and ACLs specify packet attributes on which to match and then take action upon those packets. In the case of ACLs, the actions are permit, deny and log. In the case of Classifier Policies, the actions are specific to the policy type (Mirror).

The current implementation of ACLs limits packet matching to fields within the IP header of the packet (source IP address, destination IP address, protocol, etc.). MAC ACLs will allow for matching within the Ethernet header of a packet, including source MAC address, destination MAC address and EtherType protocol. MAC ACLs will also allow access to the 802.1q Ethernet frame header values which include the CoS and the VLAN ID. The IP ACLs apply only to Ethernet packets that are of type IP but MAC ACLs will apply to all traffic.