>MYCISCO(config-if)#mac access-group 1101
>
>Вы же сами пишете - нужен L2 аксесс лист, а на интерфейсе
>вводите команду касаемо L3 аксесс листа.

сюдя по всему это роутер.
на какой модели вы видели команду mac

>MYCISCO(config-if)#mac access-group 1101
>
>Вы же сами пишете - нужен L2 аксесс лист, а на интерфейсе
>вводите команду касаемо L3 аксесс листа.

вот список возможных команд на интерфейсе, какую выбрать? - предложенной Вами нет

MYCISCO(config-if)#?
Interface configuration commands:
  access-expression       Build a bridge boolean access expression
  arp                     Set arp type (arpa, probe, snap) or timeout
  backup                  Modify backup parameters
  bandwidth               Set bandwidth informational parameter
  bridge-group            Transparent bridging interface parameters
  carrier-delay           Specify delay for interface transitions
  cdp                     CDP interface subcommands
  cmns                    OSI CMNS
  custom-queue-list       Assign a custom queue list to an interface
  default                 Set a command to its defaults
  delay                   Specify interface throughput delay
  description             Interface specific description
  diffserv                diffserv (Provisioning)
  duplex                  Configure duplex operation.
  exit                    Exit from interface configuration mode
  fair-queue              Enable Fair Queuing on an Interface
  full-duplex             Configure full-duplex operational mode
  half-duplex             Configure half-duplex and related commands
  help                    Description of the interactive help system
  hold-queue              Set hold queue depth
  ip                      Interface Internet Protocol config commands
  keepalive               Enable keepalive
  llc2                    LLC2 Interface Subcommands
  load-interval           Specify interval for load calculation for an interface
  logging                 Configure logging for interface
  loopback                Configure internal loopback on an interface
  mac-address             Manually set interface MAC address
  max-reserved-bandwidth  Maximum Reservable Bandwidth on an Interface
  media-type              Interface media type
  mtu                     Set the interface Maximum Transmission Unit (MTU)
  multilink-group         Put interface in a multilink bundle
  netbios                 Use a defined NETBIOS access list or enable name-caching
  no                      Negate a command or set its defaults
  ntp                     Configure NTP
  priority-group          Assign a priority group to an interface
  random-detect           Enable Weighted Random Early Detection (WRED) on an Interface
  rate-limit              Rate Limit
  roles                   Specify roles (by entering roles mode)
  service-policy          Configure QoS Service Policy
  shutdown                Shutdown the selected interface
  snapshot                Configure snapshot support on the interface
  snmp                    Modify SNMP interface parameters
  speed                   Configure speed operation.
  standby                 HSRP interface configuration commands
  timeout                 Define timeout values for this interface
  traffic-shape           Enable Traffic Shaping on an Interface or Sub-Interface
  transmit-interface      Assign a transmit interface to a receive-only interface
  trunk-group             Configure interface to be in a trunk group
  tx-ring-limit           Configure PA level transmit ring limit

MYCISCO(config-if)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
  accounting          Enable IP accounting on this interface
  address             Set the IP address of an interface
  authentication      authentication subcommands
  bandwidth-percent   Set EIGRP bandwidth limit
  bgp                 BGP interface commands
  broadcast-address   Set the broadcast address of an interface
  cef                 Cisco Express Fowarding interface commands
  cgmp                Enable/disable CGMP
  dhcp                Configure DHCP parameters for this interface
  directed-broadcast  Enable forwarding of directed broadcasts
  dvmrp               DVMRP interface commands
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  hold-time           Configures IP-EIGRP hold time
  idle-group          Specify interesting packets for idle-timer
  igmp                IGMP interface commands
  irdp                ICMP Router Discovery Protocol
  load-sharing        Style of load sharing
  local-proxy-arp     Enable local-proxy ARP
  mask-reply          Enable sending ICMP Mask Reply messages
  mrm                 Configure IP Multicast Routing Monitor tester
  mroute-cache        Enable switching cache for incoming multicast packets
  mtu                 Set IP Maximum Transmission Unit
  multicast           IP multicast interface commands
  nat                 NAT interface commands
  nbar                Network-Based Application Recognition
  nhrp                NHRP interface subcommands
  ospf                OSPF interface commands
  pim                 PIM interface commands
  policy              Enable policy routing
  probe               Enable HP Probe support
  proxy-arp           Enable proxy ARP
  rarp-server         Enable RARP server for static arp entries
  redirects           Enable sending ICMP Redirect messages
  rgmp                Enable/disable RGMP
  rip                 Router Information Protocol
  route-cache         Enable fast-switching cache for outgoing packets
  rsvp                RSVP interface commands
  rtp                 RTP parameters
  sap                 Session Announcement Protocol interface commands
  security            DDN IP Security Option
  split-horizon       Perform split horizon
  summary-address     Perform address summarization
  tcp                 TCP header compression and other parameters
  unnumbered          Enable IP processing without an explicit address
  unreachables        Enable sending ICMP Unreachable messages
  urd                 Configure URL Rendezvousing
  verify              Enable per packet validation
  vrf                 VPN Routing/Forwarding parameters on the interface
  wccp                WCCP interface commands

>только портик в лаер2 нужно перевести.
как это сделать - подскажите, плиз
>а вообще для "делаю авторизацию на основе mac адреса" есть способ привязка
>
>мака к ипи и лист уже на ипи пишешь. но это не
делал так связка не работала,

>спасет от подмены.
я знаю, что не спасет
>каталист есть?
каталист есть, но схема такая: одна кошка воткнута в другую кошку, а уже за ними сети, из одной из сетей надо ограничить доступ в другую сеть, между которыми две кошки.