From: Raj Bahad (raj.bahad@xxxxxxxxxxxxxx)
Date: Wed Jul 24 2002 - 11:16:09 GMT-3
Hi all,
I've come across a scenario which has me somewhat confused. In a practice lab,
I have been asked to deny all devices with a source mac-address range of
2222.4400.0000 from obtaining access to the rest of the network. This mac
address would be coming in from a Token Ring interface.
I have DLSw+ running, but have not included it in the example below/
The only way I know how to do this as follows:
Interface Tokenring0
source-bridge input-address-list 701
access-list 701 deny 2222.4400.0000 0000.00ff.ffff
access-list 701 permit 0000.0000.0000 ffff.ffff.ffff
Or
Interface Tokenring0
access-expression input smac(701)
access-list 701 deny 2222.4400.0000 0000.00ff.ffff
access-list 701 permit 0000.0000.0000 ffff.ffff.ffff
However I have been told there is a third way of doing this, and now here is
the confusing part, by using a Layer 3 filter instead of Layer 2!
The only way I can think of this by doing a "sh arp", and then define an
access-list which filters all the IP addresses which are mapped to their
respective mac addresses which fall into this range.
Am I way of the mark, or do any of you know of this third alternative method.
Thanks,
Raj.
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:42 GMT-3