Once a packet comes into the ingress ACL stage, the field parser breaks the packet into importantfields. There are too many to list here, but a short list could include Layer 2, 3, and 4 fields, MAC source,MAC destination, IP source, IP destination, Layer 4 ports, VLAN ID, outer VLAN, inner VLAN, outerpriority bits, inner priority bits, protocol, TCP flags, etc., as well as metadata that is passed in the packetfrom forwarding database lookups.
but how deep packet will be anaylsed to separate the target and source ip ?
Cos I do have to allow all frames from a specific mac except if the ip (src/dest) is a specific one or the protocol is igmp and the frame can be triple vlan tagged with three stacked 0x8100 tags.
Will it work ? Do you have an example ?