Layer-2 Protocol Tunneling ACLs

Three ACL match conditions and one ACL action interoperate with vendor-proprietary Layer-2 protocol tunneling on the platforms listed for this feature in the Switch Engine 32.7.1 Feature License Requirements document.

The following fields within 802.3 Subnetwork Access Protocol (SNAP) and LLC formatted packets can be matched:
The following field can be matched within Subnetwork Access Protocol (SNAP) packets only:
The following ACL action is added to the specified switches:

This action replaces the destination MAC address of any matching Layer-2 forwarded packets on the supported platforms. This action can be used to effectively tunnel protocol packets, such as STP, across a network by replacing the well-known protocol MAC address with a different proprietary or otherwise unique MAC address. After tunnel egress, the MAC destination address can be reverted back to the well-known MAC address.

Note

Note

The "replace-ethernet-destination-address" action applies only to Layer-2 forwarded packets.