Re: Bridging On 3640

From: P729 (p729@xxxxxxx)
Date: Tue Aug 06 2002 - 22:02:21 GMT-3


   
Jeremy,

How about using an input-pattern-list that references an extended MAC ACL?

For example (watch the wrap):

!!!!!
interface FastEthernet1/0
bridge-group 1
bridge-group 1 input-pattern-list 1100
!
interface FastEthernet1/1
bridge-group 1
bridge-group 1 input-pattern-list 1100
!
access-list 1100 deny 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffff 0x25 2 eq 0x43
access-list 1100 deny 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffff 0x25 2 eq 0x44
access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffff
!
bridge 1 protocol ieee
!!!!!

If I've got my offset correct (0x25), it should match on 0x0043 and 0x0044
(decimal 67 and 68) where the UDP destination port should be. Obviously,
looking this deep into a frame will impact your forwarding rate...

Regards,

Mas Kato
https://ecardfile.com/id/mkato
----- Original Message -----
From: "Wright, Jeremy" <JA_WRIGHT@admworld.com>
To: <ccielab@groupstudy.com>
Cc: <security@groupstudy.com>
Sent: Tuesday, August 06, 2002 1:09 PM
Subject: OT: Bridging On 3640

I have a 3640 with fa1/0 and fa1/1. I want to bridge everything through
except packets destined for ports 67 and 68. I'm running into trouble with
making the right bridging commands as well as the ACL. TIA, team!

************************
          Jeremy Wright
             Network Analyst
             Archer Daniels Midland
              ja_wright@admworld.com
     (217)451-4063

************************
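
An added example, not part of the original thread: a Python check of where the UDP destination port sits in a constructed Ethernet II / IPv4 frame, and how IP options or an 802.1Q tag move it away from a fixed ACL offset. All function names are hypothetical, offsets are counted zero-based from the first byte of the destination MAC, and how IOS counts the offset for a given encapsulation is not modelled.

```python
import struct

ETH_P_IP, ETH_P_8021Q, IPPROTO_UDP = 0x0800, 0x8100, 17

def build_frame(dport, ip_options=b"", vlan=None, proto=IPPROTO_UDP):
    """Constructed Ethernet II / IPv4 / UDP test frame (zero MACs, IPs, checksums)."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    eth = bytes(12)                                   # dst MAC + src MAC
    if vlan is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan)  # optional 802.1Q tag
    eth += struct.pack("!H", ETH_P_IP)
    ihl = 5 + len(ip_options) // 4                    # header length in 32-bit words
    udp = struct.pack("!HHHH", 12345, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(udp),
                     0, 0, 64, proto, 0, bytes(4), bytes(4)) + ip_options
    return eth + ip + udp

def udp_dport_offset(frame):
    """Offset of the UDP destination port from the first byte of the destination
    MAC (zero-based), or None when the frame carries no UDP header."""
    pos = 12
    (etype,) = struct.unpack_from("!H", frame, pos)
    while etype == ETH_P_8021Q:                       # each tag shifts everything by 4
        pos += 4
        (etype,) = struct.unpack_from("!H", frame, pos)
    if etype != ETH_P_IP:
        return None
    ip = pos + 2
    (frag,) = struct.unpack_from("!H", frame, ip + 6)
    if frame[ip + 9] != IPPROTO_UDP or frag & 0x1FFF:  # non-UDP or later fragment
        return None
    return ip + (frame[ip] & 0x0F) * 4 + 2            # IP header length + UDP src port

def fixed_offset_match(frame, offset, value, size=2):
    """What a fixed offset/size 'eq' test sees: raw bytes, no protocol awareness."""
    return int.from_bytes(frame[offset:offset + size], "big") == value

def survey():
    cases = {"plain": build_frame(67),
             "ip-options": build_frame(67, ip_options=bytes(4)),
             "802.1Q": build_frame(67, vlan=10),
             "tcp": build_frame(67, proto=6)}
    return {name: udp_dport_offset(f) for name, f in cases.items()}

if __name__ == "__main__":
    for name, off in survey().items():
        print(f"{name:12s} dport offset = {off if off is None else hex(off)}")
```

For an untagged frame with a 20-byte IP header the port begins at byte 0x24 counted from zero, so compare that with the platform's counting convention before settling on the ACL offset. A fixed-offset test also matches any frame with the same two bytes at that position, such as the TCP case above.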


