From: Keith Steller (ksteller@attbi.com)
Date: Thu Jan 02 2003 - 17:57:02 GMT-3
Hi Group-
I could use some clarification on the overall functionality of vlan
access-maps and filters. I have two routers r4 and r5 on vlan 54 connected
through the 3550 with no SVI. I would like to configure it so only R4 has
access to vlan 54. I am not concerned with port level security, I would like
to do this with the vlan access-map and have had no luck. I looked at a
couple of different examples (3550 config guide 18-32) and it doesn't work for me. I
have a config below. I am unable to get what I would expect to be the right
result. I would think the config below would allow the mac defined and deny
all other traffic through the switch on the vlan. Thanks in advance for your
assistance!
K
!
vlan access-map PERMITR5 10
 action forward
 match mac address MAC
vlan filter PERMITR5 vlan-list 54
ip subnet-zero
ip routing
no ip domain-lookup
!
!
spanning-tree extend system-id
!
mac access-list extended MAC
 permit host 0002.16ad.4f60 any
!
!
!
interface FastEthernet0/1
 switchport access vlan 12
 switchport mode access
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 12
 switchport mode access
 no ip address
!
interface FastEthernet0/3
 no ip address
!
interface FastEthernet0/4
 switchport access vlan 54
 switchport mode access
 no ip address
!
interface FastEthernet0/5
 switchport access vlan 54
 switchport mode access
 no ip address
!
r4#sh int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0002.fd8e.a0c0 (bia 0002.fd8e.a0c0)
Internet address is 155.100.54.4/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:09, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
54572 packets input, 12667113 bytes
Received 43143 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast
0 input packets with dribble condition detected
221828 packets output, 21721444 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
r5#sh int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0002.16ad.4f60 (bia 0002.16ad.4f60)
Internet address is 155.100.54.5/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:43, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
50 packets input, 7140 bytes
Received 31 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast
0 input packets with dribble condition detected
160 packets output, 18069 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
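
Added example (not part of the original post and not Cisco code): a small Python model of how the posted map PERMITR5 would be evaluated, under two assumed rules taken from the Catalyst 3550 guide's description of VLAN maps: "match mac address" is tested only against non-IP frames, and a frame type that has a match clause but matches nothing is dropped. The MAC addresses are those in the post; the sample frames are constructed.

```python
# Added illustration: a small model of VLAN-map evaluation, not Cisco code.
# Assumed rules (from the Catalyst 3550 guide's description of VLAN maps):
#   1. "match mac address" is tested only against non-IP frames.
#   2. If the map has a match clause for a frame's type and nothing matches,
#      the frame is dropped; with no clause for that type it is forwarded.
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    is_ip: bool  # True for IPv4 (0x0800); ARP (0x0806) counts as non-IP

def acl_permits(acl, frame):
    """First-match ACL of (action, src, dst) lines; implicit deny at the end."""
    for action, src, dst in acl:
        if src in ("any", frame.src) and dst in ("any", frame.dst):
            return action == "permit"
    return False

def vlan_map_decision(vlan_map, frame):
    """vlan_map: list of (seq, kind, acl, action), kind is 'mac' or 'ip'."""
    kind = "ip" if frame.is_ip else "mac"
    clause_seen = False
    for _seq, entry_kind, acl, action in sorted(vlan_map, key=lambda e: e[0]):
        if entry_kind != kind:
            continue
        clause_seen = True
        if acl_permits(acl, frame):
            return action
    return "drop" if clause_seen else "forward"

# The posted configuration: MAC ACL "MAC" and map PERMITR5 sequence 10.
MAC_ACL = [("permit", "0002.16ad.4f60", "any")]
PERMITR5 = [(10, "mac", MAC_ACL, "forward")]

R4, R5, BCAST = "0002.fd8e.a0c0", "0002.16ad.4f60", "ffff.ffff.ffff"
# Constructed sample frames on VLAN 54.
SAMPLES = {
    "r4 IP to r5": Frame(R4, R5, True),
    "r5 IP to r4": Frame(R5, R4, True),
    "r4 ARP broadcast": Frame(R4, BCAST, False),
    "r5 ARP broadcast": Frame(R5, BCAST, False),
    "r4 ARP reply to r5": Frame(R4, R5, False),
}

def decisions():
    return {name: vlan_map_decision(PERMITR5, f) for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:20} {verdict}")
```

Under these assumptions the map leaves IP frames from both routers untouched, because it has no IP match clause, and filters only non-IP frames such as ARP by source MAC.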
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:39 GMT-3