
Yusuf Bhaiji

"Network Security Technologies and Solutions"

The steps to configure a MAC ACL are similar to those for
extended named ACLs. A MAC ACL supports only inbound traffic filtering.
To define the MAC Extended ACL, use the mac access-list extended command. Several non-IP protocols are
supported.
After the MAC ACL is created, it can be applied to a Layer 2 interface using the mac access-group [acl-name]
in command to filter non-IP traffic received on the interface.
Example 4-7 shows how to define and apply a MAC ACL to drop all (non-IP) AppleTalk Address Resolution
Protocol (AARP) packets, allowing all other types of traffic.
Example 4-7. MAC ACL Configuration Example
Switch(config)# mac access-list extended my-mac-acl
Switch(config-ext-macl)# deny any any aarp
Switch(config-ext-macl)# permit any any
Switch(config-ext-macl)# exit
Switch(config)# interface Fastethernet0/10
Switch(config-if)# mac access-group my-mac-acl in
Switch(config-if)# end
Switch#
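The following is an added example, not taken from the book: a simplified Python model of how the ACL in Example 4-7 decides the fate of inbound frames by EtherType, including the implicit deny that applies when the closing permit entry is left out. The function names, the constructed sample frames, and the "not-evaluated" label for IP frames are assumptions made for illustration; only the `any any` address form and the `aarp` keyword are modelled.

```python
import struct

# ACL entry lines as typed in Example 4-7 (prompts included).
EXAMPLE_4_7 = """\
Switch(config)# mac access-list extended my-mac-acl
Switch(config-ext-macl)# deny any any aarp
Switch(config-ext-macl)# permit any any
"""
ETHERTYPES = {"aarp": 0x80F3}  # keyword -> EtherType; only aarp is modelled
IPV4 = 0x0800                  # IP frames are outside a MAC ACL's scope

def parse_mac_acl(text):
    """Return [(action, src, dst, ethertype_or_None)] for permit/deny lines."""
    entries = []
    for line in text.splitlines():
        words = line.split("#", 1)[-1].split()  # drop the CLI prompt, if any
        if len(words) < 3 or words[0] not in ("permit", "deny"):
            continue
        proto = ETHERTYPES[words[3]] if len(words) > 3 else None
        entries.append((words[0], words[1], words[2], proto))
    return entries

def make_frame(ethertype):
    """Constructed untagged Ethernet II frame: dst, src, EtherType, padding."""
    macs = bytes.fromhex("ffffffffffff020000000001")
    return macs + struct.pack("!H", ethertype) + bytes(46)

def evaluate(entries, frame):
    """Inbound decision: first matching entry wins, implicit deny at the end."""
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == IPV4:
        return "not-evaluated"  # hypothetical label: IP is left to IP ACLs
    for action, src, dst, proto in entries:
        # Only the 'any any' address form used in Example 4-7 is modelled.
        if src == "any" and dst == "any" and proto in (None, etype):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_mac_acl(EXAMPLE_4_7)
    for name, etype in [("AARP", 0x80F3), ("AppleTalk", 0x809B), ("IPv4", IPV4)]:
        print(f"{name:10} 0x{etype:04X} -> {evaluate(acl, make_frame(etype))}")
    # Without the final 'permit any any', the implicit deny drops AppleTalk too.
    print("no permit :", evaluate(acl[:1], make_frame(0x809B)))
```
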
Spanning Tree Protocol Features
Spanning Tree Protocol (STP) resolves redundant topologies into loop-free, treelike topologies. When switches
are interconnected via multiple paths, STP prevents loops from being formed. An STP loop (or forwarding loop)
can occur when the entire network fails because of a hardware failure, a configuration issue, or a network
attack.

