From: trust.hogo@sarcom.com
Date: Fri Feb 14 2003 - 13:49:40 GMT-3
I hope this helps:
vlan access-map drop-tcp-bad 10
 action drop
 match mac address trusted-macs
vlan access-map drop-tcp-bad 20
 action drop
 match ip address 101
vlan access-map drop-tcp-bad 30
 action forward
vlan filter drop-tcp-bad vlan-list 20-22
mac access-list extended trusted-macs
 permit host 0000.0c00.0111 any
access-list 101 permit ip host 10.1.1.1 any
access-list 101 permit ip any host 10.1.1.1
If there is a portion of this sample config you don't understand, let me
know. This should work for you. In fact, I have tried this not denying but
permitting, so I just changed the drop and forward actions.
Trust Hogo
CCNP,CCDP,ESSE,MCSE
-----Original Message-----
From: Pita40 [mailto:pita40@hotmail.com]
Sent: Friday, February 14, 2003 11:02 AM
To: ccielab@groupstudy.com
Subject: Deny specific mac and ip using Vlan Map on 3550
I am trying to deny specific mac add and ip add using Vlan Map. I am having
difficulty succeeding. Used CD for reference, no success. I am trying to deny
ip add 10.1.1.1 with mac add 000.0c00.0111. Here is what I came up with
using the CD as a reference. But it does not work.
Help
Switch(config)# mac access-list extended bad-hosts
Switch(config-ext-macl)# permit host 000.0c00.0111 any
Switch(config-ext-macl)# permit any any
Switch(config)# ip access-list extended tcp-match
Switch(config-ext-nacl)# permit ip host 10.1.1.1 any
Switch(config-ext-nacl)# permit ip any any
Switch(config)# vlan access-map drop-tcp-bad 10
Switch(config-access-map)# match ip address tcp-match
Switch(config-access-map)# match mac address bad-hosts
Switch(config-access-map)# action drop
Switch(config)# vlan access-map drop-tcp-bad 20
Switch(config-access-map)# action forward
Switch(config)# vlan filter drop-tcp-bad vlan-list 20-22
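
As an added example (not part of either message, with hypothetical helper names), this Python sketch models how a VLAN access-map picks an action and runs both maps from the thread over constructed sample frames. It assumes these semantics: entries are checked in sequence order, an ACL permit line counts as a match, IP packets are tested only against IP ACLs and non-IP frames only against MAC ACLs, an entry with no match clause matches everything, and a frame type that has a match clause in the map but matches no entry is dropped.

```python
# Added illustration, not from the thread; semantics and helper names are assumptions.

def acl_permits(acl, src, dst):
    """True if any permit line matches; otherwise the implicit deny applies."""
    return any(s in ("any", src) and d in ("any", dst) for s, d in acl)

def vlan_map_action(entries, frame):
    """entries: (seq, action, ip_acl, mac_acl) tuples; an absent clause is None."""
    is_ip = frame.get("src_ip") is not None
    src, dst = ((frame["src_ip"], frame["dst_ip"]) if is_ip
                else (frame["src_mac"], frame["dst_mac"]))
    clause_for_type = False
    for _seq, action, ip_acl, mac_acl in sorted(entries, key=lambda e: e[0]):
        if ip_acl is None and mac_acl is None:
            return action                  # bare entry: matches every frame
        acl = ip_acl if is_ip else mac_acl
        if acl is None:
            continue                       # no clause for this frame type
        clause_for_type = True
        if acl_permits(acl, src, dst):
            return action
    return "drop" if clause_for_type else "forward"  # assumed implicit default

# The reply's map (ACL 101's first line read as "host 10.1.1.1 any").
ACL_101 = [("10.1.1.1", "any"), ("any", "10.1.1.1")]
TRUSTED_MACS = [("0000.0c00.0111", "any")]
REPLY_MAP = [(10, "drop", None, TRUSTED_MACS), (20, "drop", ACL_101, None),
             (30, "forward", None, None)]

# The original poster's map: both ACLs end in a permit-any line.
TCP_MATCH = [("10.1.1.1", "any"), ("any", "any")]
BAD_HOSTS = [("000.0c00.0111", "any"), ("any", "any")]
ASKER_MAP = [(10, "drop", TCP_MATCH, BAD_HOSTS), (20, "forward", None, None)]

# Constructed sample frames; addresses not quoted in the thread are made up.
FRAMES = {
    "ip from 10.1.1.1": {"src_ip": "10.1.1.1", "dst_ip": "10.1.1.9"},
    "ip to 10.1.1.1": {"src_ip": "10.1.1.9", "dst_ip": "10.1.1.1"},
    "ip unrelated": {"src_ip": "10.1.1.8", "dst_ip": "10.1.1.9"},
    "non-ip from listed mac": {"src_mac": "0000.0c00.0111", "dst_mac": "ffff.ffff.ffff"},
    "non-ip unrelated": {"src_mac": "0000.0c00.0222", "dst_mac": "ffff.ffff.ffff"},
}

def evaluate(entries):
    return {name: vlan_map_action(entries, f) for name, f in FRAMES.items()}

if __name__ == "__main__":
    for label, vmap in (("reply", REPLY_MAP), ("original", ASKER_MAP)):
        print(label, evaluate(vmap))
```

Under these assumptions the reply's map drops only the sample frames involving 10.1.1.1 or sent from 0000.0c00.0111, while the original map drops every sample frame because both of its ACLs end in a permit-any line.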