From: Abdul Waheed Ghaffar (a_w_ghaffar@hotmail.com)
Date: Sun Aug 10 2003 - 19:15:04 GMT-3
MAC access-lists do not apply to IP.
>From: "Mustafa M Bayramov" <spyroot@azeronline.com>
>Reply-To: "Mustafa M Bayramov" <spyroot@azeronline.com>
>To: "'Volkov, Dmitry (IDS Canada)'" <dmitry_volkov@ca.ml.com>,
><ccielab@groupstudy.com>
>Subject: RE: vlan map Permit IP
>Date: Sat, 9 Aug 2003 19:03:25 -0400
>
>I think it is because 0x0 matches only the first octets: if you are doing 0x806 0x0
>-- you're permitting 0x80xx.
>(I've tried to match by bit; I couldn't achieve this.)
>
>Mustafa M Bayramov
>
>CISSP
>CCNP,CCDP,Cisco Security Specialist
>Network engineer and security analyst
>
>"I know nothing except the fact of my ignorance." Socrates
>
>Regards
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Volkov, Dmitry (IDS Canada)
>Sent: Saturday, August 09, 2003 12:25 PM
>To: 'ccielab@groupstudy.com'
>Subject: vlan map Permit IP
>
>Can somebody explain WHY it works?
>
>mac access-list extended vlan2mac
> permit any any 0x806 0x0
>!
>vlan access-map vlan2 10
> action forward
> match mac address vlan2mac
>vlan filter vlan2 vlan-list 2
>
>I mean - IP flows between ports in Vlan 2 without explicitly permitting
>Ethertype 0800 (IP) in mac access-list:
>permit any any 0x800 0x0. Why ??
>If I remove permitting ARP (806) and clear the ARP cache - ARP stops
>working,
>but IP is still working if I remove permit 0x0800
>
>Thanks,
>
>Dmitry
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:57 GMT-3
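
The behaviour discussed in this thread, as an added configuration example that is not part of the original messages. It assumes Catalyst 3550/3560/3750-style VLAN map semantics (the thread names no platform); `vlan2mac` and `vlan2` are the thread's names, while `vlan2ip` and the 192.0.2.0/24 subnet are hypothetical.

```cisco
! Added example, not from the thread. Assumes Catalyst 3550/3560/3750-style
! VLAN map semantics. vlan2ip and 192.0.2.0/24 are hypothetical.
!
! --- As posted: the map carries a MAC match clause only ---
! Non-IP frames are checked against vlan2mac: ARP (0x806) is forwarded,
! and other non-IP frames are dropped. IP packets have no match clause
! of their own type in the map, so they are forwarded by default.
mac access-list extended vlan2mac
 permit any any 0x806 0x0
!
vlan access-map vlan2 10
 match mac address vlan2mac
 action forward
!
vlan filter vlan2 vlan-list 2
!
! --- To filter IP as well: add an IP match clause to the same map ---
! Once the map holds an IP clause, IP packets that match no IP clause
! are dropped, so every permitted IP flow has to be listed explicitly.
ip access-list extended vlan2ip
 permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
!
vlan access-map vlan2 20
 match ip address vlan2ip
 action forward
```

`show vlan access-map` and `show vlan filter` list the clauses present in the map and the VLANs it is applied to, which shows whether IP traffic is being evaluated at all.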