ACL on layer 2 port with deny ip any any
Posted on 2013-11-20
Hello experts, kind of curious on something. I have two machines on one vlan. They can ping eachother no problem. I apply an ACL to the interface of one machine that says deny ip any any. This maybe a dumb question but why don't machines on the LAN communicate at layer 2 only with mac addresses? Why go through the trouble of doing ARP, then getting an IP and sending a packet to other destination? Why not just send to destination mac?
Is this only because windows works at l3 and up? Would any windows applications communicate through layer 2 only (any examples)?