Cisco Systems EA6500 User Manual

Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 23      Configuring Network Security
Configuring MAC Address-Based Traffic Blocking
With 12.1(13)E and later releases, to block all traffic to or from a MAC address in a specified VLAN, 
perform this task:
This example shows how to block all traffic to or from MAC address 0050.3e8d.6400 in VLAN 12:
Router# configure terminal 
Router(config)# mac-address-table static 0050.3e8d.6400 vlan 12 drop 
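The following Python sketch is an added example, not part of the Cisco guide. It reconciles a desired MAC blocklist against a saved configuration and emits the block and clear commands in the forms this section gives. The sample configuration is constructed, and two things are assumptions: that saved entries appear in the same form as the command, and that VLAN IDs fall in the 802.1Q range 1-4094.

```python
import re

# Command forms copied from the command table on this page.
BLOCK = "mac-address-table static {mac} vlan {vlan} drop"
CLEAR = "no mac-address-table static {mac} vlan {vlan}"
DROP_RE = re.compile(r"^\s*mac-address-table static "
                     r"((?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) vlan (\d+) drop\s*$",
                     re.IGNORECASE | re.MULTILINE)

# Constructed config excerpt (assumption: saved entries look like the command).
SAMPLE_CONFIG = """\
mac-address-table static 0050.3e8d.6400 vlan 12 drop
mac-address-table static 0011.2233.4455 vlan 20 drop
interface GigabitEthernet1/1
 switchport access vlan 12
"""

def to_cisco_mac(mac):
    """Normalize colon, hyphen or dotted notation to Cisco's xxxx.xxxx.xxxx."""
    digits = re.sub(r"[.:-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def check_vlan(vlan):
    """Assumption: VLAN IDs are limited to the 802.1Q range 1-4094."""
    vlan = int(vlan)
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan}")
    return vlan

def audit(config_text):
    """Return sorted (vlan, mac) pairs that the config is dropping."""
    return sorted((int(v), m.lower()) for m, v in DROP_RE.findall(config_text))

def plan(wanted, config_text):
    """Diff a desired blocklist [(mac, vlan), ...] against the config."""
    want = {(check_vlan(v), to_cisco_mac(m)) for m, v in wanted}
    have = set(audit(config_text))
    add = [BLOCK.format(mac=m, vlan=v) for v, m in sorted(want - have)]
    remove = [CLEAR.format(mac=m, vlan=v) for v, m in sorted(have - want)]
    return add, remove

if __name__ == "__main__":
    add, remove = plan([("00-50-3E-8D-64-00", 12), ("aa:bb:cc:dd:ee:ff", 30)],
                       SAMPLE_CONFIG)
    print("\n".join(add + remove))
```

Entries in the remove list are blocks present on the switch but absent from the desired list, which is how stale containment entries left over from an earlier incident show up.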
Configuring VLAN ACLs
Note: Releases 12.1(11b)E and later support VLAN ACLs (VACLs).
Understanding VACLs
VACL Overview
VACLs can provide access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN or, with releases 12.1(13)E or later, a WAN interface for VACL capture. Unlike regular Cisco IOS standard or extended ACLs, which are configured on router interfaces only and applied to routed packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface. VACLs are processed in hardware. VACLs use Cisco IOS ACLs. VACLs ignore any Cisco IOS ACL fields that are not supported in hardware.
You can configure VACLs for IP, IPX, and MAC-layer traffic. VACLs applied to WAN interfaces support only IP traffic for VACL capture.
Command: Router(config)# mac-address-table static mac_address vlan vlan_ID drop
Purpose: Blocks all traffic to or from the configured MAC address in the specified VLAN.

Command: Router(config)# no mac-address-table static mac_address vlan vlan_ID
Purpose: Clears MAC address-based blocking.