09-15-2014 11:22 AM
Layer 2 ACL is not supported on ICX switches. I think VLAN ACL is supported. Please see this link below.
09-16-2014 02:01 AM
Thanks for your answer!
I have found the "Mac filter" feature in the documentation (Layer 2 Switching Configuration Guide). Is this feature close to L2ACL, or does it have different functionality?
"MAC layer filtering enables you to build access lists based on MAC layer headers in the Ethernet/IEEE 802.3 frame. You can filter on the source and destination MAC addresses. The filters apply to incoming traffic only. You configure MAC address filters globally, then apply them to individual interfaces. To apply MAC address filters to an interface, you add the filters to that interface MAC address filter group."
device(config)#mac filter 1 permit 0000.0011.2222 ffff.ffff.ffff 0000.0022.3333 ffff.ffff.ffff
device(config)#interface ethernet 0/1/1
device(config-if-e10000-0/1/1)#mac filter-group 1
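The masked source/destination comparison behind the `mac filter` rule in the post above, as an added Python illustration that is not part of the thread or of the vendor's code. It assumes an `f` digit in a mask means "compare these bits", that filters in a group are checked in the order listed, and that an inbound frame matching no filter is dropped; filters 2 and 3 and the sample frames are constructed.

```python
# Added illustration (not vendor code): masked matching for "mac filter" rules.

def mac_to_int(mac):
    """Parse dotted-hex xxxx.xxxx.xxxx into a 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"expected 12 hex digits, got {mac!r}")
    return int(digits, 16)

def parse_filter(line):
    """Parse 'mac filter <id> permit|deny <src> <src-mask> <dst> <dst-mask>'."""
    tok = line.split()
    if len(tok) != 8 or tok[:2] != ["mac", "filter"] or tok[3] not in ("permit", "deny"):
        raise ValueError(f"unsupported filter syntax: {line!r}")
    src, smask, dst, dmask = (mac_to_int(t) for t in tok[4:])
    return {"id": int(tok[2]), "action": tok[3],
            "src": src, "smask": smask, "dst": dst, "dmask": dmask}

def evaluate(filters, group, src, dst):
    """Action applied to an inbound frame on a port bound to `group`."""
    s, d = mac_to_int(src), mac_to_int(dst)
    by_id = {f["id"]: f for f in filters}
    for fid in group:                      # assumption: checked in listed order
        f = by_id[fid]
        if (s & f["smask"]) == (f["src"] & f["smask"]) and \
           (d & f["dmask"]) == (f["dst"] & f["dmask"]):
            return f["action"]             # first match wins
    return "deny"                          # assumption: no match means drop

FILTERS = [parse_filter(l) for l in (
    # Filter 1 is the rule from the post, with a full 12-digit destination mask.
    "mac filter 1 permit 0000.0011.2222 ffff.ffff.ffff 0000.0022.3333 ffff.ffff.ffff",
    # Filters 2 and 3 are constructed for this example.
    "mac filter 2 deny 0000.0011.0000 ffff.ffff.0000 0000.0000.0000 0000.0000.0000",
    "mac filter 3 permit 0000.0000.0000 0000.0000.0000 0000.0000.0000 0000.0000.0000",
)]

if __name__ == "__main__":
    frames = [("0000.0011.2222", "0000.0022.3333"),
              ("0000.0011.9999", "0000.00aa.bbbb"),
              ("0000.0044.5555", "0000.0022.3333")]
    for src, dst in frames:
        print(src, "->", dst, evaluate(FILTERS, [1, 2, 3], src, dst),
              "| group [1] only:", evaluate(FILTERS, [1], src, dst))
```

Under these assumptions, a port bound only to filter 1 forwards just the one source/destination pair it names, which is why a trailing permit filter is needed if other traffic should still pass.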
09-16-2014 02:50 AM
I think "ACL filtering based on VLAN membership" is not exactly VACL.
1). VLAN ACLs (VACLs) can provide access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN. In other words, VACLs apply to an entire VLAN (or list of VLANs), but "ACL filtering based on VLAN membership" applies to a specific VLAN on a specific physical port.
2). VACLs are not defined by direction (ingress or egress). "ACL filtering based on VLAN membership" applies only to inbound traffic.