Layer-2 Protocol Tunneling ACLs

Three ACL match conditions and one ACL action interoperate with vendor-proprietary Layer-2 protocol tunneling on the platforms listed for this feature in the Feature License Requirements document.

The following fields within 802.3 Subnetwork Access Protocol (SNAP) and LLC formatted packets can be matched:
  • Destination service access point (SAP)
  • Source SAP
The following field can be matched within Subnetwork Access Protocol (SNAP) packets only:
  • SNAP type
The following ACL action is added to the specified switches:
  • Replacement of the Ethernet MAC destination address

This action replaces the destination MAC address of any matching Layer-2 forwarded packets on the supported platforms. This action can be used to effectively tunnel protocol packets, such as STP, across a network by replacing the well-known protocol MAC address with a different proprietary or otherwise unique MAC address. After tunnel egress, the MAC destination address can be reverted back to the well-known MAC address.



The "replace-ethernet-destination-address" action applies only to Layer-2 forwarded packets.