Re: Mac Address Filtering - ANSWER

From: Jake (jakeczyz@xxxxxxxxx)
Date: Wed Jun 19 2002 - 23:10:55 GMT-3

• Next message: Jake: "PAPER CCIE - Cisco Monitors Please READ THIS"
• Previous message: Jake: "Re: Odd Emails"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Here's an idea. Use an LSAP access list to permit ARP and then follow it by one
 denying
all FF's. I've never done this, but I don't see why it wouldn't work. (I truly
love each
and every one of you who is dedicated to ensuring that an untruth to be held i
f this is
not the case ;-)

Try this for starters:
<http://www.cisco.com/warp/public/86/4.html>
Then dab a little bit of this:
<http://www.cisco.com/univercd/cc/td/doc/product/software/ios103/rpcg/78879.htm
#xtocid2629225>

(Watch the Rap, yo)

Just my 2 grosze worth (that's like a lot less than $0.02)

Jake
Underpaid CCIE 9102
sh me th $

--- Mingzhou Nie <mnie@yahoo.com> wrote:
> Well, part of arp is to broadcast. If the requirement is to stop
> getting broadcast, then arp will break. There is not way you can
> workaround.
>
> The solution I see is but the ethernet at it's own vlan. One vlan is a
> broadcast domain. If it needs arp and dhcp those broadcast dependant
> protocols to work, use "ip helper-address" on other vlans to relay
> broadcast.
>
> Ming
>
> --- blewis@btconnect.com wrote:
> > I should have said that I need to use a mac address
> > access list. The main problem I have is that if I deny
> > ffffffffffff I cannot get an arp request through to the
> > router on the other side of the bridge. Any more ideas
> > anyone?
> >
> > Brett
> >
> > ---- original message ----
> >
> > >Assuming the network is 192.168.10.0 255.255.255.0:
> > >
> > >interface ethernet 0
> > > ip unnumbered serial 0
> > > ip access-group 101 in
> > > bridge-group 12
> > > no route-cache
> > >
> > >access-list 101 deny ip any host 192.168.10.255
> > >access-list 101 permit ip any any
> > >
> > >bridge 12 protocol ieee
> > >
> > >
> > >
> > >
> > >HTH, Kym
> > >
> > >>From: blewis@btconnect.com
> > >>Reply-To: blewis@btconnect.com
> > >>To: CCIE GROUPSTUDY <ccielab@groupstudy.com>
> > >>Subject: Mac Address Filtering
> > >>Date: Mon, 17 Jun 2002 14:09:27 00100
> > >>
> > >>Guys,
> > >>
> > >>Does anybody know how to stop broadcasts in-bound
> > on
> > >>an ethernet interface of a router configured as a
> > bridge,
> > >>I need to allow all other traffic. Any suggestion would
> > be
> > >>very helpfull.
> > >>
> > >>Brett

• Next message: Jake: "PAPER CCIE - Cisco Monitors Please READ THIS"
• Previous message: Jake: "Re: Odd Emails"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:38 GMT-3