A simple question on ACL. Can i configure an acl or extended acl to deny tcp packets from a host based on that host's MAC ADDRESS instead of ip address? Because i tried doing that and it seems i can't configure acl to deny based on mac. The reason is our network uses DHCP and i want to block a pc's internet. Thanks in advance for all replies.