How to Configure Switch Port
The Switchport ACL (PACL) feature provides the ability to perform access control on specific Layer 2 ports. ACLs can also be used to control traffic on VLANs. Switch port ACLs can only be applied to Layer 2 interfaces in the inbound direction, and this controls traffic via IP access Lists.
Switch port ACL application is usually effective when applied on a trunk port, be warned that, if applied on a port with voice VLAN, the ACL filters traffic on both data and voice VLANs. The switch examines ACLs associated with features configured on a given interface and either permits or denies packet forwarding based on the criteria found in the entries of the ACL.
With switch port ACLs, you can filter IP traffic by using IP access lists and non-IP traffic using MAC addresses.
We use the topology below as a sample. follow me as we configure SW1 with ACLs to permit PC A to access Server A, and deny PC B from accessing the same network.
Configuration
SW1(config)#mac access-list extended orbit123
SW1(config-ext-macl)#deny any host 000e.53ac.9b72
SW1(config-ext-macl)#permit any any
Switch(config)#int f0/3
Switch(config)#mac access-group orbit123 in
Looking at the configuration commands above, you can see that we created and extended the named access list which is our only option. After creating the access list, we applied it on an interface (fa0/3). It is more like the same with the IP list, except that you start your command statement with Mac.
Verify your configuration
Use the Show access-list command to verify your configuration.
SW1#show access-list
How to Configure Switch Port Security How to Configure VTP Pruning on a Switched Network
Access Control Lists Explained (ACLs) IPv6 ACLs Applying Extended ACLs on Interfaces
Spanning Tree Protocol (STP) VLAN Trunking Protocol (VTP)
