Overview

The MAC ACL and MAC Classes are part of the ACL and Classifier subsystem and they each provide different functionality. Each of the features will be discussed independently to provide the most clarity.

The MAC ACL feature provides a mechanism for the user to permit or deny traffic based on Ethernet frame information. The feature allows for matching traffic based on source MAC address, destination MAC address, Ethernet type, CoS, or VLAN ID. Customers can use this feature to permit or deny specific MAC addresses, block certain types of traffic (for example, appletalk), or block certain CoS/priority packets. The feature extends ACL capabilities down to the Ethernet header and allows matching on most of the fields within the header. This feature’s CLI will work very similar to the way IP ACLs are configured but it will need a different context for configuring the match or ignore rules. The context will only allow permit or deny statements with the MAC header fields specified.

The MAC classes feature provides a mechanism for the user to perform actions (for example, remark) on traffic that matches the specified Ethernet header information in the class. The user can create a class that matches the Ethernet header fields: source MAC address, destination MAC address, Ethernet type, VLAN ID or VLAN CoSvalue. After the class is configured the class can be added into a policy and be associated with an action. MAC classes can be included in Mirror policies and can be applied to those features interfaces (for example, port or VLAN). MAC classes and IPv4/IPv6 classes are mutually exclusive within a policy. A policy that contains both MAC classes and IPv4/IPv6 classes will not be allowed to be configured. Once the policy is applied to an interface any matching traffic will have the specified action applied. This CLI will work very similar to the way classes are defined for IP based traffic.