From: Mark Lewis (markl11@xxxxxxxxxxx)
Date: Fri Sep 29 2000 - 10:31:49 GMT-3
Yup, we have the technology!
I've done it before, if I remember rightly I used an extended mac
access-list (1100-1199 (smac & dmac)). Now the trick is not the
configuration of the list(that should be v.easy), it's applying the filter.
Here's how to do it:
access-list 1100 (blah..blah...)
bridge irb
bridge 1 protocol ieee
int e0
bridge-group 1 input-pattern-list (or if you want, output)
int bvi1
ip address 10.1.1.1 255.255.255.0
Hope that helps,
Mark
P.S. Access-expressions are just combinations (of netbios filters,acl 200,
acl 700 using the old Boolean operators), so you could use one of them I
suppose.
>From: micklegao@netease.com
>Reply-To: micklegao@netease.com
>To: <ccielab@groupstudy.com>
>Subject: accesss-expression
>Date: Fri, 29 Sep 2000 20:28:43 +0800
>
>hi,
>
> this is a the config,
>
> router r1, r2 , r3 are connected by a hub with their ethernet port,
>r1 can ping r2 ,r3 sucessfully.
>if i only want r1 can ping r2, and not r1 ping r3, i must filter sth. if
>ip acce-filter is not permited, i want to use mac filter.
>
> does access-expresssion can do this?
> i have tryed , but failed.
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:09 GMT-3