This following information describes R-VPLS feature support in conjunction with MAC ACLs:
MAC criteria are supported with the following features in an R-VPLS service:
SAP ingress and egress for both bridged and routed packets with drop and forward action
matching for source MAC addresses, destination MAC addresses, Ethertype, and dot1p
filter entry counters and mirroring (ingress filters only)
either MAC or IP filters can be associated with SAP ingress or SAP egress; that is, they are mutually exclusive
MAC filter policies are supported in R-VPLS services associated with either an IES or VPRN service.
MAC filter policies are supported in sap-scale-mode high and low.
MAC criteria filter policies associated with R-VPLS SAP ingress and SAP egress use the resources for the ingress ACL and egress ACL resource pools configured using the system resource profile. If there are no resources allocated for MAC criteria, the association of the MAC criteria filter policy fails. That is, the user must first allocate the required resources for MAC criteria using the system resource profile before associating a MAC criteria policy with SAPs.
For routed packets, when the SAP ingress MAC filters and IP override ingress filters are configured, if the entries are matched in both filters and the drop action is configured, the drop action in either the MAC filter policy or IP override filter policy takes precedence. That is, if both the MAC filter policy and IP filter (IP override) policy match a routed packet, the packet is forwarded only if the action configured for all matched entries in both the MAC filter policy and IP filter policy is forward. Otherwise, the packet is dropped if there is a matched entry in either the MAC filter policy of IP filter policy with a drop action.If a counter is associated with both the MAC filter and IP override filter, the counter is incremented for matched entries in both the MAC filter and IP override filter. See VPLS SAP ingress IP filter override for more information about ACL behavior for IP override filters.
When an IP filter is associated with an R-VPLS SAP on ingress and an IP override filter is associated with the R-VPLS IP interface, and the R-VPLS SAP and IP interface belong to the same R-VPLS service, routed traffic is matched only with IP override filter entries. It is not matched with R-VPLS SAP ingress filter entries. See VPLS SAP ingress IP filter override for more information about ACL behavior for IP override filters.