From: Bill jegcitroen (jegcitroen@hotmail.com)
Date: Tue Oct 22 2002 - 05:39:37 GMT-3
I wonder how i can use layer-2 mac acl to deny specified mac address.
my scenario:
r1-e0-------e0-r2
I wanna stop receiving multicast 224.0.0.10.
my config:
R1:
bridge irb
//snip//
interface Ethernet0
no ip address
bridge-group 1
bridge-group 1 input-pattern-list 1100
//snip//
interface BVI1
ip address 172.1.36.3 255.255.255.0
//snip//
router eigrp 111
network 172.1.36.3 0.0.0.0
no auto-summary
no eigrp log-neighbor-changes
bridge 1 protocol ieee
bridge 1 route ip
access-list 1100 deny 0010.7be8.5302 0000.0000.0000 0100.5e00.000a
0000.0000.0000
! 0010.7be8.5302 is R2's ethernet mac address
access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000
ffff.ffff.ffff
#sh ip ei ne
IP-EIGRP neighbors for process 111
no eigrp neighbor is found, but u can ping them each other.
---------------------------------------
It DOES work.
but if i remove the bvi interface, and depoly the acl on the routed L3 E0
interface, it does not work.
interface Ethernet0
ip address 172.1.36.3 255.255.255.0
bridge-group 1
bridge-group 1 input-pattern-list 1100
Does anyone know the solution w/o using bvi interface?
thanx in advance
-jegcitroen
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:53 GMT-3