RE: VLAN map ACL

From: Senthil Kumar (senthil.kumar@intechnology.co.uk)
Date: Thu Nov 07 2002 - 07:10:38 GMT-3


I was trying to block a bpdu originated from a switch at the boundary, did a
vlan access-list to block mac any to mac bpdu. Did an access map and
applied it to all range of vlans. Still the switch sensed a bpdu on the
trunked interface and blocked the port.

Doesn't look like it works on trunk. The documentation on the web is very
limited. Have you tried applying vlan filters? Did it work? Can you block an
originating multicast? I'd love to see your configs...

cheers ! sen

-----Original Message-----
From: Vijay S Jayaraman [mailto:vjayaram@in.ibm.com]
Sent: 07 November 2002 06:32
To: Erick B.
Cc: ccielab@groupstudy.com; Donny MATEO; nobody@groupstudy.com
Subject: Re: VLAN map ACL

My idea is the absolute source and destination of the packet will have to
be maintained in the VACL.....

But the VACL cannot be applied on an interface like an IP ACL which will
filter traffic based on in and out mentioned in the ip access-group
command......
i.e. filtering cannot be done based on direction of traffic on the
interface......

Regards,
Vijay.

 

From: "Erick B." <erickbe@yahoo.com>
Sent by: nobody@groupstudy.com
Date: 11/07/2002 10:41 AM
Please respond to: "Erick B."
To: Donny MATEO <donny.mateo@sg.ca-indosuez.com>, ccielab@groupstudy.com
cc:
Subject: Re: VLAN map ACL

I'm presuming it works similar to 6500 VACLs...

VACLs are applied to VLAN in both directions (no in or
out option) but the source / destination address in
the access-list isn't interchangeable - it's just like
any other access-list configuration. Let's say your
access-list denies any to IP host 1.2.3.4. Any traffic
coming in or out of the VLAN where VACL is applied
will be denied access to host 1.2.3.4.

Erick B.
CCNP, NNCSE

--- Donny MATEO <donny.mateo@sg.ca-indosuez.com>
wrote:
> Hi All,
>
> if I remember correctly the VLAN map feature will
> filter traffic in both directions (inbound and
> outbound).
> So the source / destination sequence on the IP ACL
> can be put interchangeably?
> Am I correct in my assumption? (I have not got my
> hands on the 3550, so I can't test it right now).
>
> tks
> Donny
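
The case Erick describes, written as a Catalyst 3550-style VLAN map. This is an added example, not a configuration posted by anyone in the thread; the ACL name, map name and VLAN 10 are assumptions. It shows that the map has no in/out keyword, while the ACL entry still matches source and destination literally.

```cisco
! Constructed example: names and VLAN number are assumptions.
!
! In a VLAN map the ACL only SELECTS traffic: "permit" means
! "this packet matches". Whether it is dropped or forwarded is
! decided by the "action" in the access-map entry.
ip access-list extended TO-HOST-1234
 permit ip any host 1.2.3.4
!
! Entry 10: drop everything the ACL selected, i.e. any packet in
! the VLAN whose DESTINATION is 1.2.3.4.
vlan access-map BLOCK-TO-HOST 10
 match ip address TO-HOST-1234
 action drop
!
! Entry 20: no match clause, so it matches all remaining traffic.
! Without it, IP packets that miss entry 10 hit the implicit drop
! at the end of the map.
vlan access-map BLOCK-TO-HOST 20
 action forward
!
! Applied to the VLAN itself, not to an interface, and with no
! direction keyword: every packet bridged or routed in VLAN 10 is
! checked against the map.
vlan filter BLOCK-TO-HOST vlan-list 10
!
! Packets sourced FROM 1.2.3.4 do not match "any -> host 1.2.3.4"
! and are forwarded by entry 20. To select them as well, the ACL
! needs a second entry with the fields written the other way:
!   permit ip host 1.2.3.4 any
```

`show vlan access-map` and `show vlan filter` display the resulting map and the VLANs it is attached to.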



This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:54 GMT-3